A successful data governance program requires the right people in the right roles. These roles include an executive sponsor, steering committee members, a data governance leader and a team of data stewards. These people will drive ongoing data audits and metrics that assess your program’s success and ROI. They will also help you communicate the value of your investment in the data governance framework to other business leaders and stakeholders. Ideally, these people should be both business and IT savvy. Senior business systems analysts and enterprise architects make excellent stewards.

The Privacy Commissioner’s Office (PCO) oversees compliance with the Hong Kong Personal Data Protection Ordinance (PDPO). The PDPO establishes data subject rights, specific obligations to data controllers and regulates the collection, processing, holding and use of personal information through six data protection principles. It also prohibits unauthorized disclosure of personal data, known as doxxing.

Unlike the EU’s GDPR, which requires all organizations to notify their data subjects of any breaches, the PDPO applies only to personal data that is collected in connection with the exercise of an individual’s rights and freedoms, or in connection with legal proceedings in Hong Kong. The PDPO was originally enacted on 20 December 1996 and has been amended several times since then. The most significant amendments took effect in 2012 and 2021.

Your organization’s data governance program must be designed to meet its unique needs. This starts with a vision and a business case. The vision spells out your broad strategic objective, and the business case details how you’ll achieve it through a set of policies that align to your organizational goals. Your business case will also specify the actual people (roles), technologies and processes that you’ll need to support your governance programs. The more detailed your business case, the more realistic and actionable it will be. It will be easier for your team to buy into your vision and goals if they feel they can impact their day-to-day work. The key is to ensure that the vision and the business case are closely linked, so your team can use them to guide their decisions.