Data Management is the set of processes, tools and methodologies for collecting, qualifying, storing, using and securing data within an organization. As data management continues to grow, companies need to define and implement a clear strategy to overcome the challenges this notion implies.
An effective Data Management strategy means better informed decisions, increased capacity to optimise costs and bring innovative products to market. To sum up, without well thought-out data management, there is no gain in productivity, responsiveness or growth in turnover.
Definition and evolutionary perspectives of Data Management
Data Management is applied throughout the data value chain:
- The “data” infrastructure that needs to be deployed: relational databases, data warehouses, data lakes, data hubs, etc.
- “Modelling”, which defines the structure and the relationships between the available data sets.
- Data integration, which consists of bringing together data from various sources.
- Master Data Management: centralising all the most essential data (financial, customer, supplier, product, etc.) of the company in a single file. These reference data can thus be used without any risk of error.
“Data management is a key issue for all companies for business, opportunity, risk management and internal efficiency reasons.” – Laurent Morel, PwC
Although the term Big Data originated over 30 years ago, there has been a shift in trends in its practice and application.
A 360° communication needed between all departments
In order to ensure a good understanding and efficient sharing of data, while avoiding conflicts of interest, a 360° vision must be applied if all projects are to be carried out in the best possible conditions. It would be a serious mistake to apply an ultra-centralising vision, where one person (or department) would be responsible for all the issues related to data.
This of course requires team acculturation:
- Awareness of the risks due to poor data management (loss or leakage of data, exposure to cyber attacks, etc.).
- Awareness, beyond the purely security aspect, of the inestimable value of some of their data sets, in terms of customer satisfaction, winning new markets and product innovation.
Any Data Management project is really a change management process. The impetus must come from the highest level of the company’s hierarchy, thanks to a vision transmitted to all employees. But this impetus must also be embodied in all the departments, through all the projects carried out on a daily basis.
‘Decompartmentalised’ access to data
In addition to the heterogeneous data sources they manage and share internally, companies also have access to many third-party repositories. One of the main third-party repositories is the DUNS Number, the Data Universal Numbering System. Created by Dun & Bradstreet in 1962, it is assigned to each entity in the global database and is used to validate the identity of the supplier during onboarding.
The DUNS Number is the international equivalent of the SIRET in France, or the Company Registration Number in the UK: it identifies not only the company, but also the establishment. It covers more than 440 million entities worldwide, i.e. nearly 95% of all companies.
Depending on the level of information, the DUNS Number will handle two types of links:
- Legal links: I belong to or am the right legal entity;
- Capital links: I belong to the same group of companies because we share the same parent company.
“The functional role of the DUNS Number is to guarantee the consistency of information, in order to ensure a common language between all the company’s databases,” – Michael Lisch, Altares
Financial Departments must also take into account external data sources such as Open Data or Open Banking. External information is also needed for compliance with KYS (“Know Your Supplier”) procedures.
Data governance: a legal issue to be mastered
Governance models are not the same in all organisations, but the following broad families of practices can generally be distinguished:
- Data quality: having accurate, complete and reliable data is the cornerstone of any data-driven organisation. Without good data, a governance programme is not robust.
- Data security and compliance: this involves defining and characterising data sources according to their level of risk, and then creating secure access points, maintaining a balance between user interaction and security.
- Data stewardship: this controls how teams use data sources. Stewards lead by example to ensure access, security and quality of data.
- Data transparency: business users, but also data analysts, must be able to easily trace the origin of their data and find out if there are any particular characteristics.
Regulatory controls for financial teams
When entering into a “business relationship” with new suppliers, it is essential to have implemented a number of “onboarding” processes beforehand. These processes aim to assess the degree of compliance, risk and performance of these suppliers, but also to ensure their identity, while validating their data and bank details.
GDPR for data compliance
In addition to the notions of “Privacy by Design” and “Security by Design”, the GDPR regulation imposes new obligations on subcontractors, in particular by requiring them to draw up model contractual clauses as an appendix to the subcontract. The GDPR also stipulates how to react in the event of a personal data breach, whether it occurs within the company itself or within the premises of one of its suppliers.
It is strongly advised to apply the following good practices recommended by the CNIL (French National Commission on Informatics and Liberty):
- Determine everyone’s status: principals and service providers/suppliers should define their respective roles (controller or processor) in the context of their relationship, with the aim of agreeing on their respective obligations.
- Establish a clear contract: the controller and the processor must enter into a contract which precisely defines the purpose, duration, nature and aim of the processing, as well as the categories of personal data and the categories of data subjects.
- Document the subcontracting activity: the controller must ensure that its subcontractor complies with the GDPR.
- Use tools that do not intrude on personal data.
- Guarantee the security of collected data.
Data governance governed by a wide range of regulations
More globally, data governance is part of a framework that includes numerous regulations.
- The NIS Directive (Network and Information System Security): adopted by the European institutions in 2016, this directive aims to ensure a high level of security for EU companies.
- SWIFT regulation: as part of a security programme called the Customer Security Programme (CSP) launched in 2017, SWIFT aims to strengthen the security of its own network infrastructure and that of its customers.
- The Basel Accords (1, 2 and 3): these are banking regulatory agreements whose objective is to guarantee the financial soundness of banks.
- The European Banking Authority (EBA): the main task of this authority, which is independent of the EU, is to contribute, through the adoption of binding technical standards and guidelines, to the creation of a single regulatory compendium in the banking sector.
- Solvency II: this regulation, which came into force at the beginning of 2016, is a set of rules setting out the solvency regime for insurance undertakings in the European Union.
“IT security laws require companies to put in place preventive security measures – fraud and intrusion detection – and corrective measures to know how to react in case of an attack.” – Betty Sfez, Cabinet Solegal