To execute an effective Data Governance solution there are six infrastructure building blocks that you should have in your solution implementation. Establishing the right level of automation for these components will deliver the required oversight of your data sources and data exchanges as well as providing the the framework for your leadership and team to be efficient and effective in using and controlling the data.

Infrastructure Overview

Infrastructure Building Blocks

		Data Catalogue	A data catalogue records the details of the data held across your business. In a 'Basic' Form this could be an manually maintained Spreadsheet in best practice the cataloguing tool continually scans your estate and creates an actively maintained searchable catalogue. A catalogue is key to tracking that you are managing personal data, underpins Subject Access Requests and enables consent management.
		Data Quality	Article 5 of the regulation requires that personal data you hold is up to date and accurate. In a 'Basic' solution this would be regularly manually checking Data Quality using the Data Catalogue as a guide to were the data is held. In 'Best Practice' a Data Quality tool would continual scan for Data Quality issues flagging and correcting as required.
		Data Governance	To effectively manage your Data Governance compliance you need to document and manage who supervises each item of data, that permissions and consents are captured and managed for each data point, how the logical data model of the business maps to the physical data model, what data is held by third parties on your behalf and if so are the data processing contracts Data Governance compliant, is data being held or sent internationally and have you documented process flows as required by article 30. In a 'Basic' solution this could be an extension of the Spreadsheet that you are using as a Data Catalogue, in 'best practice' this is a Data Governance tool.
		Single Customer View	In order to effectively manage Permissions & Consents you need to be sure that permissions captured for a person on one source are matched to permissions captured for that person on other sources. Given the variations in identifying details a robust method for matching people records is required. Similarly when servicing a Subject Access Request being able to identify all variations of a persons identity across your systems is critical if you are to ensure you are reporting back on all data you hold on the requestor.
		Subject Access Request	Subject Access Requests, Erasure Requests, Data Rectification Requests and the other Individual Rights Requests require not only a Data Catalogue and Single Customer View to find the required data quickly but a process to case manage the requests, ensure that you correctly identify the requestor, compile the data, approve the action and evidence that the action was taken. A 'Basic' solution is to use a spreadsheet to manage the workflow and document the case. 'Best Practice' is to use a workflow tool integrated with the Data Catalogue and Single Customer View.
		Permission & Consent Management	Articles 6,7,8,18 and a number of others describe your requirements to clearly and transparently capture and manage consents and permissions. In a 'Basic' solution you may use a spreadsheet to master the Permission & Consents statements and then federate these out to systems in which your clients and prospects interface with your business. In a 'Best Practice' implementation a Permission & Consent Management Hub is deployed to automate the capture and management of citizens permissions.

Integrations overview

Selecting the Infrastructure for your business

Depending on your business data volumes and complexity you will select a varying level of tool maturity and scalability to deploy. The table below provides a summary of the options.

Maturity & Scalability	Data Catalogue	Data Quality	Data Governance	Single Customer View	Subject Access Request	Permission & Consent Management
Best Practice	Data Catalogue Tool	Data Quality Tool	Data Governance Tool	Master Data Management Hub	Data Catalogue Tool	Permission & Consent Management Hub
Digital Applications	Web Application	Web Application with PL/SQL code fragments	Web Application	Machine Learning Matching	Web Application	Web Application with Federated Deployment
Basic	Spreadsheet	Manual	Spreadsheet	No Options	Manual	Spreadsheet with Federated Deployment

Best Practice and Enterprise Infrastructure features

Component	Key Desirable Enterprise Features	Example COTS
Data Catalogue	Structured and unstructured scanning for Identity data. AI & Pattern driven data classification eg recognise email address, phone numbers, passport number etc. Google like catalogue searching	Spirion Waterline Data BigID ( Identity Scanning only) Informatica
Data Quality	Data and content type data quality scanning capability. Scanning scheduling. Quality remediation workflows. Data Quality reporting preferably can integrate into strategic reporting platform. Historic data quality snapshots to provide reporting on data quality movements over time Realtime address, email and mobile phone validation.	Informatica Trillium Trifacta
Data Governance	Capability to assign Data Owners and other data roles at logical layer. Capability tag physical data items with logical tags. Governance workflows. Can manage the Data Governance article 30 requirements. Can manage data governance documentation requirements of other Insurance industry regulation. Capability to integrate with Enterprise Application mapping software.	Collibra Informatica Infogix
Single Customer View	Master of Customer and Prospect Identity Data. Capability to Integrate with Permission and Consent Master. Identity search API	Informatica MDM IBM DataStage
Subject Access Request (Data Rights)	Generate DSAR reports Identity validation Data rectification Data portability	Waterline Data
Permission & Consent Management	Capable of holding a 5W’s permission(preferences) model Realtime API’s for capturing and displaying permissions, permissions statements and privacy statements Full logging of permission changes (eg Kantara)	Consentric Syrenis

Example Simplified Governance Metadata model