Data are the center of global business. They are essential to every function across an organization, making the ability to protect, retrieve, analyze and leverage data a requirement for the development of new products and services or entry into new markets. This new reality of data as the lifeblood that flows through all aspects of an organization presents an unprecedented opportunity to create new business benefits, innovate and work more effectively.
Often, data are discussed in the context of risk factors, and indeed there are many. In fact, in a recent survey of more than 150 enterprise leaders across the Asia-Pacific region, Europe, Latin America and North America, 20 percent rated growing data volumes was one of the top three risk factors their organization is concerned about for the coming year.1 This was likely due to an increase in data owners, holders and sources to manage and organize data. Of those, nearly one-quarter listed expanding volumes of data as their top source of risk. In addition, 31 percent of all survey respondents said they expected operational and compliance risk to increase with respect to growing data volumes.2
It is not only data volumes that are growing—new tools and platforms, particularly for remote collaboration, are giving rise to a host of nontraditional data types and formats. In the aforementioned survey, 85 percent of respondents said growth in diverse data types was driving increased cost or risk, with one-third of those saying the increases were significant. More than three-quarters of respondents (76 percent) who identified as information governance decision makers, stated that the increased use of collaboration tools and cloud-based applications created significant or moderate information governance challenges.3
If the paradigm of data as a risk can be shifted to a view that approaches data as the key to achieving business objectives, organizations can begin to see the undeniable business case for—and ultimate value of—establishing strong information and data governance.
Imagine if data governance programs, which are often perceived as an inconvenient cost of doing business (that can be continually deprioritized),4 were instead framed as enabling new and impactful initiatives in product development, artificial intelligence (AI), employee productivity, the metaverse or digital assets. Although data quality, accuracy, lineage and mapping may indeed be integral to fulfilling information governance policies and regulatory compliance requirements, they are likewise integral to achieving efficiencies, insights and meaningful analyses. Organization leaders who embrace this view find it much easier to gain buy-in for governance projects and are positioned to substantially increase the return on their governance investments beyond risk management benchmarks alone.
By proactively managing data from a position of opportunity (as opposed to fear), enterprise leaders can transform their processes across several critical areas.
Driven by Fear vs. Opportunity
Despite pervasive worries about regulatory penalties for breach of data obligations or other privacy violations,5 organizations today are more motivated to manage their data proactively as a business benefit. There has been a significant transition in many organizations from the times when fines were the primary drivers of data protection and information governance, such as during the early days of enforcement activities under the EU General Data Protection Regulation (GDPR).6 Organizations today focus on strong data protection, environmental social governance (ESG) and compliance as driving competitive advantage and enhancing brand, reputation and consumer preferences. In some highly regulated industries such as financial services, fines certainly persist as a key motivator for data management, but there are now numerous substantive benefits to strong governance. For example, for most organizations, the business value of improving trust and brand reputation, enabling productivity and driving innovation easily surpasses the financial costs of noncompliance.
Moreover, a strong foundation of data management is necessary for organizations to become fully sustainable across every meaning of the word—environmentally, socially, financially, competitively and culturally. Environmentally, data minimization can reduce a carbon footprint in the form of reduced storage needs. From a social perspective, effective handling of data strengthens data privacy and data ethics, establishes digital trust and supports employees with safe remote work functions and efficiencies that enhance work-life balance. In terms of governance, costs are streamlined and risk reduced, customers are better served, processes are more transparent and regulatory compliance is bolstered.
Data as the Heartbeat
Today’s top-performing organizations are reinventing their businesses using the insights they glean from well-managed enterprise data. By proactively managing data from a position of opportunity (as opposed to fear), enterprise leaders can transform their processes across several critical areas.
AI Effectiveness and Ethics
Many organizations already understand the importance of quality data in leveraging AI for various applications. AI and similar analytics-based tools have been growing in enterprise adoption across applications such as spend management, decision-making, project management, marketing and customer service.7 Roughly one-third of business leaders surveyed said they leveraged AI or similar tools for applications such as data governance, privacy compliance, proactive risk management and other business initiatives.8 However, the predictive models that underpin AI applications are only effective if the underlying data sets that power them are accurate and targeted for purpose. Data quality and data lineage exercises are imperative to ensuring that AI implementations can meet the business objectives for which they were designed.
In addition, organizations must consider the ethical implications associated with using AI and ensure that strong governance controls are built into tools before they are put into effect internally or externally. A survey of business leaders found that only 18 percent of respondents currently using or considering AI applications were very concerned about the related ethical and compliance risk, and another 54 percent reportedly were somewhat concerned.9
Given the increasing regulatory and public scrutiny of the unethical use of advanced technologies, inappropriate or insecure use of personal data, and requirements for justifying automated decision-making, these responses suggest a potentially concerning gap in preparedness.
New Technology Advancements and Innovation
The market size of the metaverse is more than US$38.5 billion, and more than half of enterprises that are investing in the metaverse are also investing in cryptocurrencies.10 Any organization that is looking to engage in creative new technology business models, products and services must do so based on a foundation of well-managed data.
However, decentralization, an underlying technology enabler of many existing and potential metaverse designs, can make governance more difficult. The laws that govern data protection regulations in the physical and Web 2.0 environments, such as GDPR, are relatively transferable into metaverse or Web 3.0 environments. But ensuring a user’s right to privacy means transferring existing real-world legislation to the virtual space, which is not straightforward without centralization. One area of governance that is beginning to show progress is interoperability, which, in the metaverse, refers to the ability of platforms to share information and enable users to transition easily between platforms and collaborate across them. Interoperable models should guide the capture and use of personally identifiable information (PII), digital rights management, safety, security and other issues that may impact regulatory compliance. In addition, those models should push the adoption of portable identifiers suitable throughout the metaverse to manage identity, rights, roles and permissions. Interoperable models provide enforcement mechanisms, which are imperative to reducing risk and uncertainty for users.
Business Growth
Even among organizations that are not on the cusp of advanced technology such as the metaverse, AI, and digital assets, data have a role to play in driving business growth. The key is to first understand which data the organization has, how they are used, where they are stored and what insights the organization hopes to glean from them. From there, organizations can begin to tap into the rich store of insights that live within their data and leverage those learnings to uncover growth opportunities or inform critical decisions.
Any organization that is looking to engage in creative new technology business models, products and services must do so based on a foundation of well-managed data.
Data Privacy
The need for strong data protection and privacy has become a major focal point for business leaders. More than one-third of chief legal officers rated data privacy as their top risk category in a 2022 survey,11 and in a separate study of chief executive officers (CEOs) and chief operating officers (COOs), 71 percent noted that data privacy was a primary concern.12 Maintaining a strong privacy posture is virtually impossible without a combination of expansive privacy programs, customized data protection policies and access and governance controls to map and track the collection, storage, use and disposition of personal and sensitive information as it flows through an organization, or between organizations and jurisdictions. The imperative for data privacy extends far beyond compliance with GDPR and other global data protection laws. It has become a matter of acting as a good corporate citizen, protecting consumer trust and reinforcing brand integrity.
Brand Reputation
As an extension of strong data privacy, organizations can leverage good data practices to drive reputational value. Organizations that make headlines for fraudulent activity, data breaches, compliance violations or other mistakes that could have been mitigated by stronger governance and data management are increasingly under scrutiny. There are countless examples of organizations sustaining significant long-term losses as a result of reputational damage. Conversely, enterprises that have embedded trust, data protection and ethics into their brands are perceived as having principles that align with consumer values. As a result, they are more likely to earn customer business and loyalty.
Hybrid Work
Remote and hybrid work have made data management more challenging. Data are often shared by employees on devices and through systems that are not sanctioned or covered by the organization’s policies. To track where data are flowing, prevent data leakage and ensure that data are properly categorized and retained among a dispersed workforce, organizations must adjust their governance controls to the new working environment.
Similarly, steps must be taken to adjust compliance monitoring programs to include the many venues where employees may be communicating and transacting on behalf of the organization. When these issues are properly addressed, through acceptable use policies, awareness campaigns and data governance initiatives, risk is reduced, and that is the added important result of enabling better access and productivity for employees working remotely.
To drive growth and success, leaders must treat data as the center of their operations.
ESG
A key aspect of sustainability and governance is simply doing the right thing for people, the planet and communities. Nearly five billion people now have an online presence.13 Therefore, the majority of the global population is currently linked in some way to a digital identity.14 Thus, the manner in which organizations care for their data is part of how they demonstrate that they are doing the right thing.
Moreover, organizations that want to show that they say what they mean and mean what they say must leverage data to be more quantitative in terms of measuring their performance across key ESG benchmarks (e.g., emissions, labor practices, supply chain transparency, executive pay). Data can be leveraged to provide specific transparent disclosures that communicate performance to the market and to regulators while also offering insight to help evaluate growth, progress and risk profiles. This includes taking a holistic and analytic view of how an organization is meeting legal requirements, using strategic research, conducting community engagement, embracing diversity, adhering to data privacy practices and addressing human rights impacts. Likewise, data inform a go-forward strategy to ensure that the organization is aligned with overall ESG plans.
Mergers and Acquisitions Activity
Organizations that want to acquire or divest business segments or target enterprises to drive business strategy or growth must have their data in a strong state that is managed and understood. More than one-third of global business leaders said in a survey that growing data volumes related to mergers and acquisitions (M&A) activity or bringing new systems together post-merger were among their top-three risk areas.15 When data are the lifeblood of organizations that are separating or merging, there must be a clear definition of the most valuable sources of information that may contain intellectual property, sensitive data and personal information before a transaction. This way, critical data can be properly protected or disposed of during a merger or divestment. As an organization grows and changes through M&A-related activity, the data footprint must adapt alongside it to avoid loss of critical information, reduce regulatory and privacy risk and maximize the value of data being brought into the organization.
A Culture of Compliance
Compliance can be embedded into the fabric of an organization if all employees understand their individual roles in upholding a high standard of best practices and regulatory accountability. In-depth, ongoing training and awareness programs are essential. These may include widespread internal communications campaigns to help employees understand the importance of data protection, tabletop exercises to simulate how to follow and comply with policies, hands-on instruction for new tools, workshops, and incentives for supporting data privacy programs. These efforts help employees understand both how and why they must be good stewards of enterprise, partner and customer data.
Efficiency
A sustainable organization is an efficient organization. This means that workflows are automated when possible and processes are simplified for employees. Through data governance, organizations can enable the identification and categorization of data so that they may be easily accessed, searched and utilized for business purposes with adequate precision, documentation and automation.
Conclusion
Lifeblood is what sustains people. For modern enterprises, that lifeblood is data. Data make business goals achievable and allow organizations around the world to meet their clients’ and customers’ needs. It is no longer enough to simply acknowledge that data have value. To drive growth and success, leaders must treat data as the center of their operations. Managing data effectively in a compliant fashion on an always-evolving basis is key to operating as a truly sustainable organization.
Endnotes
1 Blickstein Group and FTI Technology, "The Most Valuable, Vulnerable Commodity: Data Establishes a New Era of Digital Insights and Risk Management," February 2023, https://www.ftitechnology.com/resources/white-papers/digital-insights-and-risk-management
2 Ibid.
3 Ibid.
4 Suer, M.; "Data Governance Program: Ensuring a Successful Delivery," Alation, 17 August 2022, https://www.alation.com/blog/data-governance-program/
5 Price, M.; "U.S. Fines 16 Wall Street Firms $1.8bln for Talking Deals, Trades on Personal Apps," Reuters, 27 September 2022, https://www.reuters.com/business/finance/us-fines-16-major-wall-street-firms-11-billion-over-recordkeeping-failures-2022-09-27/
6 Wolford, B.; "What Is GDPR, the EU’s New Data Protection Law?" GDPR.eu, https://gdpr.eu/what-is-gdpr/
7 McKendrick, J.; "AI Adoption Skyrocketed Over the Last 18 Months," Harvard Business Review, 27 September 2021, https://hbr.org/2021/09/ai-adoption-skyrocketed-over-the-last-18-months
8 Op cit Blickstein Group and FTI Technology
9 Ibid.
10 Nikolovska, H.; "Thirty-One Metaverse Statistics to Prepare You for the Future," Bankless Times, 3 February 2023, https://www.banklesstimes.com/metaverse-statistics/
11 Moran, L.; "Legal Chiefs Facing 'Most Turbulent Period’ of Their Careers," Legal Dive, 12 December 2022, https://www.legaldive.com/news/chief-legal-officer-risk-areas-fti-technology-relativity-ari-kaplan/638544/
12 Op cit Blickstein Group and FTI Technology
13 Kemp, S.; "More Than Five Billion People Now Use the Internet," The Next Web, 26 April 2022, https://thenextweb.com/news/more-than-5-billion-people-now-use-the-internet
14 Kemp, S.; Digital 2022: Global Overview Report, Data Reportal, Singapore, 2022, https://datareportal.com/reports/digital-2022-global-overview-report
15 Op cit Blickstein Group and FTI Technology
NINA BRYANT
Is a senior managing director at FTI Technology and head of the UK information governance, privacy and security practice based in London. Bryant is a strategic data expert experienced in leading complex global regulatory, data protection and business transformation programs to deliver world-class solutions.
SUSANA ESTEBAN
Is a managing director at FTI Technology. She is a world-renowned expert in blockchain, digital assets, decentralized finance, nonfungible tokens, Web3 and the metaverse. Throughout her career, Esteban has provided advice in the finance, retail, supply chain, healthcare, insurance and real estate sectors. She also completed the Blockchain Strategy Programme at the University of Oxford (Oxford, England).