Branxl Academy

Career Hub

Data Governance

Overview

Data governance ensures that an organisation's data is accurate, accessible, consistent, and used appropriately. Governance professionals define policies for how data is collected, stored, classified, shared, and retired. The role sits at the intersection of data management, compliance, and operational quality. In regulated industries (finance, healthcare, insurance) data governance is a regulatory requirement. In all other industries it is increasingly recognised as critical infrastructure. The GDPR has made data protection and governance skills mandatory for UK organisations that hold personal data.

What does the Data Governance role involve?

  1. Developing and maintaining data policies and standards.
  2. Managing a data catalogue: documenting what data exists, where it lives, what it means, and who owns it.
  3. Running data quality assessments and establishing data quality rules and metrics.
  4. Supporting GDPR compliance: data mapping, subject access requests, data protection impact assessments.
  5. Working with data owners to enforce classification schemes and access controls.
  6. Coordinating between IT, legal, compliance, and business teams on data-related decisions.
  7. Establishing and facilitating a data stewardship programme.

Skills Required

  1. Understanding of data management frameworks: DAMA-DMBOK.
  2. Data quality dimensions: completeness, accuracy, consistency, timeliness, validity, uniqueness.
  3. GDPR and UK Data Protection Act 2018: legal bases for processing, data subject rights, breach notification.
  4. Data modelling basics: understanding entity relationships and data lineage.
  5. SQL for data quality queries.
  6. Data catalogue tools: Collibra, Alation, or Microsoft Purview.
  7. Metadata management and business glossary development.
  8. Stakeholder communication and policy writing.

UK Salary Range

  • Entry level (0-2 years): £25,000 to £35,000. Data Quality Analyst and Information Governance Analyst roles. Higher end at financial services and large enterprises.

  • Mid-level (2-5 years): £38,000 to £55,000. Data Governance Analyst or Data Steward with ownership of a data domain or governance programme workstream.

  • Senior (5+ years): £55,000 to £80,000. Head of Data Governance, Data Governance Lead. Chief Data Officers at mid-size companies come from this path and reach £100,000 to £150,000.

  • Consulting: Data governance consultants (working with Deloitte, KPMG, PwC data practices or independently) charge £400 to £700 per day. Collibra and Purview implementation specialists are in short supply.

UK Job Market

  1. UK demand for data governance is driven by regulatory pressure (GDPR, FCA data management requirements, NHS data standards) and the growing recognition that data quality directly affects business outcomes.
  2. Financial services, healthcare, insurance, and large public sector organisations are the most active hirers.
  3. The role was previously associated with large enterprises only, but scale-ups reaching Series B and beyond increasingly invest in governance as data volume and regulatory exposure grow.
  4. The CDAO (Chief Data and Analytics Officer) function is expanding, creating more governance roles beneath it.

Who This Career Path Is For

  1. People with a background in data analysis who want to specialise in policy and quality rather than modelling.
  2. Compliance or legal professionals who want to develop data-specific expertise.
  3. Those who enjoy documentation, process design, and cross-functional coordination.
  4. Career changers from information management, records management, or library science.

How to Get Started

Phase 1: Foundations (weeks 1-5)

  • Study the DAMA-DMBOK wheel to understand the full data management discipline.
  • Read the UK ICO's guidance on GDPR and data protection by design.
  • Understand the difference between data governance (policies and accountability) and data management (execution and tooling).
  • Write a mock data classification scheme for a fictional company: public, internal, confidential, restricted.

Phase 2: Data quality and cataloguing (weeks 6-12)

  • Learn the six dimensions of data quality.
  • Write SQL queries to measure completeness, uniqueness, and validity against a public dataset.
  • Set up a free trial of Collibra or Microsoft Purview.
  • Build a data catalogue entry for five tables from a public dataset: business description, data owner, classification, and quality notes.
  • Document the lineage from source to report.

Phase 3: GDPR and compliance (weeks 13-18)

  • Work through the ICO accountability framework.
  • Write a mock Records of Processing Activity (ROPA) for a fictional e-commerce business.
  • Draft a data protection impact assessment (DPIA) for a hypothetical new data processing activity.
  • Understand the process for handling a data subject access request (DSAR).

Phase 4: Governance operating model (weeks 19-24)

  • Study how a data governance operating model works: data council, data stewards, data owners, and the governance team.
  • Write a mock governance policy covering data classification, retention, and access control.
  • Practice presenting a data quality issue and a proposed resolution to a non-technical audience.

Deep guidance

Build Your Portfolio

Portfolio documents for data governance

  • Governance is a documentation-heavy discipline.
  • Your portfolio should demonstrate that you can think systematically about data risks and write clear, actionable policies.
  • Mock data catalogue: Choose a public dataset (NHS Digital data, Companies House, or ONS statistics).
  • Write data dictionary entries for five to ten fields: business name, technical name, definition, data type, owner, classification, source system, and quality notes.
  • Format as a table in Notion or a GitHub markdown file.
  • ROPA (Records of Processing Activity): Write a ROPA for a fictional company (an e-commerce site works well).
  • For each processing activity: purpose, categories of data, legal basis, retention period, recipients, and safeguards.
  • A well-structured ROPA demonstrates understanding of GDPR Article 30 requirements.
  • Data quality assessment: Run SQL queries on a public dataset to measure the six data quality dimensions.
  • Document your findings and write a prioritised list of remediation recommendations.
  • Include estimated business impact of each quality issue.
How to Apply

Entry routes

  • Data governance roles are often entered from adjacent paths: data analyst who wants to specialise, records manager or information officer transitioning into digital, or compliance officer adding data skills.
  • A background in any of these is a genuine differentiator.

Certifications

  • ISEB Certificate in Data Management is directly relevant.
  • CDMP (Certified Data Management Professional) from DAMA is recognised internationally.
  • Both require study investment but stand out against candidates with only self-taught backgrounds.
  • GDPR certifications from the ICO or BCS are useful for compliance-heavy roles.

Where to look

  • NHS Digital, HMRC, DWP, and financial services regulators (FCA, PRA) hire data governance professionals.
  • Large banks (Barclays, Lloyds, HSBC) have dedicated data governance teams.
  • Consultancies run data governance practices.
  • LinkedIn searches for Data Steward, Data Governance Analyst, Information Governance.
Interview Preparation

Common interview questions

  • "What is the difference between data governance and data management?" Governance defines the accountability structures, policies, and standards.
  • Management is the execution: the tools, pipelines, and processes that put the policies into practice.
  • Governance tells you what should happen; management makes it happen.
  • "What are the six dimensions of data quality?" Completeness, accuracy, consistency, timeliness, validity, and uniqueness.
  • Be ready to define each and give an example of a business problem caused by a quality failure in each dimension.
  • "How would you handle a data breach?" Follow the organisation's incident response plan.
  • Contain the breach.
  • Assess what data was affected, how many individuals, and what the risk of harm is.
  • Report to the ICO within 72 hours if required (high risk to individuals).
  • Notify affected individuals if required.
  • Document everything.
  • "How do you get data owners to take ownership of data quality?" Establish clear accountability.
  • Make the business impact of poor quality visible through metrics.
  • Make fixing quality issues easy by providing tooling and clear processes.
  • Recognise and reward good stewardship.
  • Governance is a change management exercise as much as a technical one.
  • "What is a data lineage and why does it matter?" Data lineage documents the origin, movement, transformation, and destination of data as it flows through systems.
  • It matters for debugging quality issues (where did this error enter the pipeline?), for compliance (where is this personal data going?), and for impact assessment (if I change this upstream table, what downstream reports will be affected?).
Common Mistakes to Avoid

Mistake 1: Treating governance as paperwork

  • Governance that produces policy documents nobody reads is governance theatre.
  • The goal is real, measurable improvement in data quality, compliance, and trust.
  • Measure outcomes, not outputs.

Mistake 2: Not understanding the business context

  • A governance analyst who does not understand why the data matters to the business cannot prioritise what to fix.
  • Spend time with the business units, not just the data teams.

Mistake 3: Trying to govern everything at once

  • A governance programme that covers every data asset from day one will stall.
  • Start with the highest-risk or most business-critical domain.
  • Show improvement.
  • Expand.

Mistake 4: Ignoring the technical side

  • Governance analysts who cannot write a basic SQL quality query, understand a data model, or read a lineage diagram are dependent on others for the evidence they need.
  • Develop enough technical literacy to be self-sufficient in investigations.

Mistake 5: Not documenting the definition of "done"

  • Without clear acceptance criteria for a data quality fix, remediation work never finishes.
  • Define measurable quality thresholds before starting remediation work.