3. Policies and processes

Documenting your policies and how you expect people to execute them is fundamental to ensuring good data governance. If you don't have them written down, you can't expect people to do what is required. Policies and processes set out the standards required and should relate to the management of data across its lifecycle, for example:

• Governance of data, including roles and responsibilities for data (project and organisational level).

• Data acquisition and collection.

• Storage of data, for example in which geographies, on who’s infrastructure, according to what standards?

• Use of data. Is it appropriate and ethical? Does it comply with data protection laws?

• Sharing of data. Who has access? Rights of employees and individuals. What should be closed, shared or open? Is there a data sharing agreement in place?

• Archiving and deletion, for example, after how long and for what purpose might the data be unarchived?

Key questions to ask here include:

• Do you have the data management policies and processes in place to support compliance with legal, financial and environmental obligations?

• Who is responsible for maintaining oversight of these policies and processes?

• Are organisational mechanisms in place to address a challenge or obstacle?

• Is the organisation behaving ethically in the way data is collected, used and shared?

• Are clear policies and processes in place to manage data across its lifecycle?

Useful resources for policies and processes include:

• The ODI’s ‘How to write a good open data policy’ podcast covers how a data strategy should fit within the wider corporate strategy, and the growing importance of collaborating with data.