Instituting a comprehensive Data Governance program is not an easy task for any enterprise, for one as large as Deutsche Telekom the enormity of the task cannot be understated. Data professionals understand the competitive advantages that properly implemented Data Governance can produce; they also understand the many pitfalls, challenges, and eventual insights to be gained. In his presentation “Data Governance at Deutsche Telekom: How We Learned Our Lessons” at the Enterprise Data World 2015 Conference in Washington D.C., Christoph Kögler spoke of the many Data Governance lessons learned during a project with his employer T-Systems Multimedia Solutions GmbH and Deutsche Telekom. The presentation, which could be seen as a case study in and of itself, focused on how to properly manage Data Governance; particularly, it detailed the lessons that the largest telecom company in Europe had learned throughout its past, what it is doing to better it’s Data Governance in the present, and what it hopes to accomplish in the future.
The primary point made by Mr. Kögler was that implementing reliable Data Governance gives a company a competitive advantage over other companies. “If it is well assigned, and well implemented, Data Governance can really give you a distinctive competitive advantage on the market,” he declared.
There are many benefits to utilizing resources effectively, but Mr. Kögler stressed a few more so than others:
- Data Governance can help a company spend less on internal resources. In other words, if an organization makes fewer mistakes or spends less on wasted productivity, it will save on what would be further expenses.
- Data Governance can attract customers. It allows for a company to “choose you over your competitors.” Data Governance builds trust. Even though it is not something that a customer will ever see, its effects are felt throughout an organization. If customers know that their personal data is safe, they are more likely to choose the secured company.
They Needed Better Data Governance
The peak moment that Deutsche Telekom realized that they needed to improve their Data Governance was when they received the Big Brother Award in 2008. The Big Brother Award is an awards ceremony to “commemorate businesses, organizations, and any other persons” that threaten the privacy of individuals. While there are several different versions held in many different countries, the idea is the same: The awards (Orwells, which are named after George Orwell, author of the popular dystopian novel 1984) are given to organizations and people who are seen as intruding on the personal privacy of others. In other words, they are deemed the “Big Brother” of the year.
This award is meant to bring awareness about privacy and security issues, with the hope of causing organizations to change their ways, and stop compromising the security of their customers or the people they are supposed to serve. Most companies refuse to show up to the awards, because if they do, they are undoubtedly humbled. Nonetheless, in 2008, the Deutsche Telekom CEO showed up to assure the audience that he would change the problems with his company’s Data Governance policies.
According to Mr. Kögler, Deutsche Telekom’s Data Governance in the past was both costly and ineffective: “We had approximately 60 systems involved using customer data. All of these systems had to be checked and approved with Data Governance policies.” With so many systems that needed approval along the way, their check to approval period took way too long. Mr. Kögler commented:
“We had a system built especially for the fans of a sporting event. And just one year later we finally got the approval from crypt security, but it was two weeks after the championship had ended…That was really costly and ineffective.”
The lengthened waiting period made utilizing the data from the event nearly impossible. Their Data Governance was not business-oriented; the company had become so concerned with outdated security protocols that it was no longer practical.
Data Governance Implementation
“One thing we had later in the Data Governance rules was to have as much security as possible, but with as great a business focus as possible,” Kögler explained. He described Data Governance as the brakes on an automobile:
“When you buy an automobile, you want to make sure the brakes on the car actually stop the car. But how do you build brakes that can stop a car? Build it, test it, and then test for security? No, you test for security the whole time you are building it. And that’s the approach we took with Data Governance; we wanted to make sure that every RT system at Deutsche Telekom matched good RT systems and would be assigned to security from the very beginning.”
He further explained that what the company wanted was a system with clearly defined rules: One that was transparent in its operations and one that worked in an efficient way. What Deutsche Telekom came up with was the Standard Privacy and Security Assessment (or PSA). The PSA was about how to handle the company’s data, and how to handle the security and privacy that needed to go along with it.
One of the first steps was to determine whether the project was an A project, a B project, or a C project.
- A Project: An A project is a project where Deutsche Telekom had to work together with crypt security and where they had to follow the maximum Data Governance guidelines.
- B Project: A B project is a project that had to do with Data Governance but was low risk; they still had to record things, but they didn’t need as much supervision from other departments. They may still be checked on from time to time, but the requirements were not as critical.
- C Project: These projects were seen as irrelevant in the midst of Data Governance. They didn’t have to follow the rules because the project wasn’t seen as valuable or high-risk.
The next step depended on the type of project and what the project entailed. He noted that regardless of the actual project, the company still had to get approval from security before it could go live.
Every project, regardless of their level, had to follow these critical success factors:
- Suitability: The level that the company needed for security, but enough so that they could still conduct business.
- Efficiency: If the project failed, it failed early on and not after so much work went into it. This lowered costs and increased productivity.
- Transparency: To make sure that their intentions were clear and they got approval from necessary personnel.
- Responsibility: To make sure that everyone followed the rules, so the company couldn’t get blamed if something went wrong. And if they did get blamed, they could make sure that it did not happen again.
- Re-evaluation: What was an A project, a B project, and a C project? Did the project still fit into the market?
“One of the most important changes today is how people view Deutsche Telekom,” Kögler said. In addition to the benefits of Data Governance already stated, it also reduced the number of security branches (decreasing the waiting time); it reduced the efforts and costs of system operations; and, it changed the public opinion of Deutsche Telekom. “It really made a difference in the market, but also internally,” he said.
Data Governance and the Big Picture
All the work done by Deutsche Telekom had a considerable impact across-the-board on all their operations and most notably on customer satisfaction, yet they knew they were not yet done. Data Governance is not a program, it’s a project, and they knew they had to continue forward successfully or all the time and money spent would be ineffective. Mr. Kögler ended his presentation by moving away from directly speaking about Deutsche Telekom and looking more at the wider world of Data Governance. He finished with three main points:
- Data Governance can change the way that companies look at customer security:
Too many companies disregard the security and privacy of their customers, in a “collect first, monetize later” scheme. What they don’t take into consideration, however, is that customers value security above all else: In a recent survey mentioned by Kögler, 80% of customers preferred security, and only 20% preferred freedom. Implementing a strong Data Governance program can correct this issue.
- It’s necessary to bridge the gap between countries’ varying laws:
In his presentation, Kögler said that countries should make common rules (international rules) regarding data security so that they can come to an agreement. He discussed a few of the considerable differences between American and European data laws and how there needed to be more parity between them. An international Data Governance initiative could help such an issue, especially in a globalized world where virtual borders do not follow geographical borders.
- Implement a top-down approach:
To gain what he called a “normalization of deviance” that would allow organizations to make their Data Governance rules transparent and make sure they are being followed is best done with a top-down approach. He stressed the need for executives to take responsibility for proper Data Governance.
“Events that don’t go along with policies are not seen as a threat until those consequences really happen,” Kögler stated. “It’s not enough to have Data Governance and Data Governance policies; we need to make sure they are followed correctly. Otherwise they can cause you a lot of trouble at the Big Brother Awards.”
Here is the video of the Enterprise Data World 2015 Presentation: