Skip to content
Leer este articulo en espanol
Whitepapers
Data Engineering

Data Governance: From Legal Obligation to Competitive Advantage

A
abemon
| | 18 min read | Written by practitioners
Share

The problem isn’t compliance. The problem is your data lies.

Most organizations discover they need data governance the hard way: a board report with numbers that don’t add up, a regulator requesting data lineage that nobody can reconstruct, or an ML model producing absurd predictions because it was fed well-formatted garbage.

The reflex is to treat it as a compliance problem. Hire a DPO, write some policies, implement a cookie banner, declare victory. But GDPR is just the surface layer. The real problem is that the organization doesn’t know what data it has, where it lives, who touched it last, or whether it’s correct.

We’ve worked with logistics companies that had 47 different definitions of “completed shipment” scattered across 12 systems. With law firms that discovered client data in test environments three years after the case closed. With retailers whose “real-time” inventory had a 6-hour lag because nobody knew an ETL process was silently failing every night.

Those aren’t GDPR problems. They’re data governance problems. And they cost real money.

What data governance is (and isn’t)

Data governance is the set of policies, processes, roles, and tools that ensure an organization’s data is accurate, consistent, secure, and usable. It’s not a tool you buy. It’s not a project with an end date. It’s an operational discipline, like accounting or quality control.

What it’s not:

  • Not just GDPR compliance. Compliance is a subset of governance, not the other way around. You can be perfectly compliant and still have unusable data.
  • Not an IT project. If it lives exclusively in technology, it will fail. Governance requires involvement from business, legal, operations, and data teams.
  • Not a fancy data catalog. A catalog without update processes is a dead document within six months.
  • Not a brake on innovation. Done well, governance accelerates access to reliable data and reduces the time teams spend cleaning, reconciling, and arguing about numbers.

The four pillars

A mature data governance program stands on four pillars:

1. Data catalog. The inventory of all data assets in the organization: tables, files, APIs, dashboards, models. Each asset has an owner, a description, a schema, a classification level (public, internal, confidential, restricted), and a quality indicator. Without a catalog, nobody knows what data exists or where to find it.

2. Data quality. Measurable rules defining when data is “good.” Completeness (no nulls where there shouldn’t be), uniqueness (no duplicates), consistency (the same concept has the same format everywhere), accuracy (the data reflects reality), and freshness (the data is up to date). These rules are automated and run continuously.

3. Data lineage. The ability to trace a data point from its origin to its consumption. When a KPI on a dashboard shows an incorrect number, lineage lets you follow the thread: which table feeds it, what transformations were applied, which process loaded it, which source system it came from. Without lineage, debugging an error in an executive report becomes archaeology.

4. Organizational model. Who is responsible for what. Data owners (define business rules), data stewards (implement and maintain quality), data engineers (build the pipelines), and data consumers (use data to make decisions). Without clear roles, everyone assumes responsibility belongs to someone else.

Data catalog: from inventory to nervous system

A data catalog is not a spreadsheet listing tables. It’s a living system connecting data with context: who created it, what it’s for, how often it’s updated, how reliable it is, and who uses it.

Tools

The market has matured significantly in the last three years:

DataHub (LinkedIn, open source) is probably the best balanced option for mid-size organizations. It supports automatic metadata ingestion from databases, data warehouses, Airflow pipelines, and Looker or Tableau dashboards. Its GraphQL API enables programmatic integration.

OpenMetadata is a more recent open source alternative with a cleaner interface and strong native data quality focus. A good choice if you’re starting from scratch.

Amundsen (Lyft, open source) was a pioneer but has lost traction to DataHub and OpenMetadata.

On the commercial side, Alation and Collibra dominate the enterprise segment. They’re powerful, expensive, and require months-long implementations. They make sense for organizations with hundreds of data sources and complex regulatory requirements.

Our recommendation: start with DataHub or OpenMetadata. Invest in the cataloging process, not the tool. Tools can be swapped; processes take years to mature.

What to catalog first

The common mistake is trying to catalog everything at once. Guaranteed failure. Start with critical assets:

  1. Tables feeding financial reports. If a number reaches the board, the underlying data must be cataloged.
  2. Data feeding production ML models. A model becomes inexplicable if you can’t trace its inputs.
  3. Data crossing regulatory boundaries. Personal data, financial data, health data.
  4. Shared sources of truth. The CRM, the ERP, the order system. Systems that multiple teams query.

In practice, the first 20-30 critical tables cover 80% of the value. Cataloging them takes weeks, not months.

Data quality: measure before you improve

Data quality is where most organizations fail, and where the highest ROI lives. Gartner estimates poor data quality costs organizations an average of $12.9 million per year. Even if you consider that figure inflated, divide by 10 and it’s still a serious problem.

The five dimensions

We define data quality along five measurable dimensions:

Completeness. Percentage of non-null fields where a value is expected. A customer record without an email might be acceptable; a shipment record without a destination address is not. The key is defining which fields are mandatory for each record type and measuring systematically.

Uniqueness. Absence of duplicates. Sounds trivial until you discover your CRM has 3 records for the same customer with name variations (Logistics Express Ltd, Logistics Express, LOGISTICS EXPRESS LTD). Deduplication is one of the most undervalued problems in data management.

Consistency. The same concept has the same format and meaning across all systems. If “ship date” means “date it leaves the warehouse” in the WMS and “date it’s handed to the carrier” in the TMS, you have a consistency problem that no pipeline will resolve automatically.

Accuracy. The data reflects reality. A stock of 150 units in the system when 147 sit in the warehouse is a 2% accuracy error. Whether that’s acceptable depends on your context, but first you need to measure it.

Freshness. The data is current relative to consumer expectations. A “real-time” sales dashboard that updates every 4 hours has a freshness problem. Not because 4 hours is bad per se, but because the expectation is different.

Automating quality checks

Quality checks must be automatic, continuous, and visible. The main tools:

Great Expectations (open source, Python) is the de facto standard for data quality in data pipelines. You define “expectations” (rules) on your datasets and they execute automatically in every pipeline run. If an expectation fails, the pipeline halts before contaminating downstream systems.

dbt tests are the natural choice if you already use dbt for transformations. You can define uniqueness, not-null, referential integrity, and custom SQL expression tests directly in your dbt project.

Soda is a more recent alternative with a more accessible check definition language than Great Expectations, and solid integration with Airflow and dbt.

The pattern we recommend:

  1. Define quality checks for the 20 critical tables.
  2. Run checks as part of the data pipeline (not as a separate process).
  3. If a check fails, the pipeline stops and the data steward is notified.
  4. Publish quality metrics on a dashboard accessible to business stakeholders.
  5. Review metrics weekly with data owners and stewards.

The quality dashboard isn’t for IT. It’s for the CFO who wants to know if she can trust the month-end numbers.

Data lineage: following the thread

Lineage answers the most important question in data governance: “Where does this number come from?”

When the CFO asks why Q2 revenue on the dashboard doesn’t match the ERP, you need to trace the full path: the dashboard reads from a materialized view, which is fed by a table in the data warehouse, which is loaded by a dbt job, which reads from a production database replica of the ERP. Somewhere in that chain, something broke or transformed incorrectly.

Automatic vs manual lineage

Automatic lineage is extracted directly from systems: dbt generates lineage from its SQL models, Airflow records task dependencies, Spark tracks DataFrames. Catalog tools (DataHub, OpenMetadata) can ingest this lineage automatically and display it as a visual graph.

Manual lineage is necessary for the segments tools don’t cover: FTP integrations, spreadsheets someone downloads and re-uploads modified, manually entered data. These “dark links” are where most errors occur and where tracing problems is hardest.

The realistic goal isn’t full automatic lineage for everything (utopia) but complete lineage for critical assets and a progressive reduction of dark links.

Practical impact

With functional lineage:

  • Root cause analysis of a report error goes from days to minutes.
  • Impact analysis before changing a database schema: you know exactly which dashboards, models, and processes are affected.
  • Regulatory compliance: you can demonstrate to an auditor that personal data is handled correctly throughout the chain.
  • Business trust: when someone asks “where does this number come from?” there’s a traceable answer.

Organizational model: the human factor

The number one reason data governance programs fail isn’t technology. It’s the lack of a clear organizational model. Tools are purchased in weeks; organizational changes take quarters.

Roles

Data Owner is a business role, not an IT role. The data owner for “customer data” is the commercial director, not the DBA. The data owner defines what a data point means, who can access it, and what quality level is acceptable. If they don’t have authority to make these decisions, the role doesn’t work.

Data Steward is the operational quality lead. They monitor metrics, investigate anomalies, and coordinate with technical teams to resolve problems. It can be a dedicated role or an assigned responsibility within an existing team. What it cannot be is a diffuse responsibility that belongs to nobody.

Data Engineer builds and maintains the pipelines that move, transform, and serve data. They implement quality rules defined by stewards, maintain the technical catalog, and ensure automatic lineage works.

Data Consumer (analysts, data scientists, business teams) uses the data. Their responsibility is to report quality issues when detected and to respect access policies.

Organization models

Centralized. A single data governance team defines policies for the entire organization. Works well in small to mid-size companies (up to 200 people). Enables consistency but can become a bottleneck.

Federated. Each business domain (sales, operations, finance) governs its own data within a common framework. The natural model for large organizations. Requires a central team to define the framework and arbitrate conflicts, but execution is local. It’s essentially data mesh applied to data governance.

Hybrid. What actually works in practice for most organizations. The central team defines policies, tools, and metrics. Domains execute. Critical data (financial, regulatory) has strict centralized governance. Operational data for each team has federated governance with minimum standards.

How to start from zero

If starting from scratch, which is the situation for most SMEs and mid-size companies we advise:

  1. Appoint someone responsible. You don’t need a Chief Data Officer. You need one person with authority and dedicated time. It can be the CTO, CFO, or a part-time data lead, but it must be someone specific.
  2. Identify the 5 data problems that hurt most. Talk to business, not IT. Ask: “Which data don’t you trust?” and “Where do you waste time reconciling numbers?”
  3. Start with one domain. Don’t try to govern all data at once. Pick the domain with the most pain (usually finance or sales) and build the catalog, quality rules, and roles for that domain.
  4. Automate something quickly. Implement 10 automated quality checks on the critical tables of the chosen domain. Publish the results. The simple act of measuring and making quality visible changes team behavior.
  5. Iterate quarterly. Add one domain per quarter. Within a year you have the 4-5 key domains covered.

From compliance to competitive advantage

So far we’ve discussed avoiding problems: incorrect data, regulatory non-compliance, manual reconciliations. But well-executed data governance isn’t just prevention. It’s acceleration.

Faster access to reliable data

Without governance, an analyst spends 40-60% of their time finding, cleaning, and validating data before they can analyze it. With a functional catalog, automated quality rules, and documented data, that percentage drops to 10-15%. The analyst produces insight instead of producing confidence.

More reliable ML models

Machine learning models are only as good as their training data. Data governance provides the infrastructure that allows building models on data whose quality, lineage, and representativeness are documented and monitored. A model trained on governed data can be explained, audited, and improved. A model trained on “whatever was in the data lake” is a black box built on quicksand.

Faster decisions

When there’s no agreed source of truth, board meetings become debates about which number is correct. Every department brings its version. Nobody yields. An hour is lost reconciling before a decision can be made. With governance, there’s a single version of the truth, documented, with traceable lineage. The discussion shifts from “what’s the number” to “what do we do with the number.”

M&A and integrations

Mergers and acquisitions brutally expose governance gaps. Integrating the data of two companies without a catalog, without common definitions, and without quality rules is a months-long project that becomes a years-long project. Companies with mature governance cut data integration time by 50-70%.

Data monetization

In sectors like logistics, retail, and fintech, operational data holds value beyond internal operations. Aggregated and anonymized data on shipping patterns, consumption trends, or financial behavior are marketable assets. But only if they’re governed: quality guaranteed, lineage documented, privacy ensured. Without governance, there’s no viable data product.

Mistakes we’ve seen (and made)

Three years implementing governance programs have taught us what to avoid:

Buying the tool before defining the process. We’ve seen six-figure Collibra implementations used as a glorified spreadsheet because nobody defined the cataloging processes or stewardship roles. The tool amplifies a good process. It doesn’t replace its absence.

Trying to govern everything from day one. Ambition is the enemy of progress in governance. A program that tries to catalog 500 tables in the first quarter catalogs none. Start with 20 and do it well.

Governance without data ownership. If data doesn’t have a business owner, quality rules get defined by IT based on technical criteria, not business needs. Result: checks that pass but data that’s useless.

Vanity metrics. “We’ve cataloged 500 tables” means nothing if 400 have empty descriptions and unknown quality. Measure depth (catalog quality), not breadth (asset count).

Forgetting change management. Data governance changes how people work. The analyst who used to download a CSV and manipulate it freely now has to use the certified dataset from the catalog. If you don’t explain the why and train the how, there will be resistance.

The business case: how to present it to leadership

If you need to convince your CEO or CFO to invest in governance, these are the arguments that land (because they’re based on money, not abstract best practices):

Reduced reconciliation time. Calculate how many hours per month your teams spend reconciling numbers across systems. Multiply by hourly cost. We’ve seen companies where this exceeds EUR 50,000 annually.

Fewer reporting errors. How many times per year has a board report or regulatory filing been corrected? Each correction carries a reputational cost, and sometimes a regulatory one.

Faster time-to-insight. If an analytics project takes 3 months, of which 2 are data preparation, governance can cut that cycle in half.

Reduced regulatory risk. With the Digital Operational Resilience Act (DORA) in financial services and ongoing GDPR enforcement, the ability to demonstrate you know where your data is and how it’s handled isn’t optional.

AI enablement. Every serious AI initiative needs governed data. Without governance, AI projects stall at the data phase, which is precisely where 80% of ML projects fail.

A pragmatic roadmap

A realistic data governance program for a 100-500 person company:

Quarter 1: Foundations. Appoint a lead. Choose a catalog tool (DataHub or OpenMetadata). Catalog the 20 critical tables in the finance domain. Implement 10 automated quality checks following the approach described in our data quality guide. Publish the first data quality dashboard.

Quarter 2: Expansion. Add the commercial/CRM domain. Define data owners and stewards for both domains. Implement automatic lineage for dbt/Airflow pipelines. Formalize the cataloging process for new assets.

Quarter 3: Maturity. Add the operations domain. Integrate data quality into CI/CD pipelines. Start using the catalog as the entry point for new analytics projects. Measure and report governance metrics quarterly to leadership.

Quarter 4: Scale. Cover all critical domains. Automate end-to-end lineage. Establish periodic review processes for quality with each data owner. Evaluate whether the organizational model needs to evolve from centralized to federated.

At the end of year one, the organization won’t have perfect data governance. It will have functional data governance over its critical data, with proven processes that can scale. And that is infinitely more valuable than an 18-month project that aims for perfection and delivers nothing.

Because data governance isn’t a destination. It’s a habit. And like every habit, it starts small, reinforces itself with results, and sustains itself with discipline.

Tags

Data Engineering Compliance Data Quality Strategy

About the author

A

abemon engineering

Engineering team

Multidisciplinary engineering, data and AI team headquartered in the Canary Islands. We build, deploy and operate custom software solutions for companies at any scale.

Related articles

Articles

Data Quality: How to Improve It Without Stopping Operations

Data Warehouse vs Data Lake: 2025 Decision Guide
Executive Briefs

Data Warehouse vs Data Lake: 2025 Decision Guide

Industry News

Fintech Compliance: Building Regulatory Reporting Infrastructure