Data governance is a central element of any digital strategy. Governments, companies, social organizations and international institutions agree that, without clear rules on how data is collected, managed, shared and used, it is impossible to take advantage of its full value.
This article seeks to clarify this concept, providing information on its basic principles. It draws on two reports: Data Governance Toolkit: Navigating Data in the digital era by the Broadband Commission, co-founded by UNESCO and the International Telecommunication Union (ITU), and What is Data Governance: 30 Questions and Answers, prepared by The GovLab. The second report delves into the definitions and concepts included in the first. Both documents agree that data governance is not just a set of rules, but a comprehensive framework that guides the entire data lifecycle.
Below is a summary of what both reports say.
What is data governance?
Data governance can be defined as the set of processes, people, policies, practices, and technologies that guide how data is generated, managed, and reused throughout its entire lifecycle. It aims to increase trust, value and fairness, while minimizing risks and harms, in accordance with a set of fundamental principles.
The 4Ps of the Data Governance Toolkit
The Broadband Commission highlights four essential elements of data governance:
- Why: Define the vision and purpose of data and its governance.
- How: Establish the principles that will guide decisions and practices.
- Who: Identify institutional roles, responsibilities, and processes.
- What: Specify the policies, mechanisms, and technologies that will be applied in each phase of the data lifecycle.

This structure – known as the 4Ps of the Toolkit (Purpose, Principles, People, and Practices) – keeps governance from being an abstract exercise and makes it an operational and measurable practice. The four elements work as building blocks that can be leveraged and adapted to guide the development of new data governance strategies.
Each of them is detailed below:
1. Why? (Purpose)
- Purpose and vision are essential to guide data governance, bring consistency to initiatives, and ensure responsible management throughout the entire data lifecycle.
- A good governance purpose should reflect societal values and priorities, be actionable, and balance opportunities (such as innovation or data reuse) with risks (such as bias, exclusion, or harm).
- The most common purposes include maximizing the value of data, fostering innovation and sustainable development, promoting equity, supporting public policy goals, and strengthening people's participation and agency.
A well-formulated purpose acts as a frame of reference to ensure alignment, coherence, and accountability. In addition, it helps to avoid misuse, duplication or disconnected efforts. To be effective, this purpose must:
- Reflect the organization's core values and societal priorities (e.g., equity, innovation, and human rights).
- Be applicable and in line with the company's objectives.
- Address both opportunities (e.g., data reuse or implementation of artificial intelligence) and risks (e.g., harm, exclusion, or bias).
- Serve as a reference for governance decisions, success indicators, and continuous improvement.
In practice, organizations tend to orient their governance towards goals such as maximizing the economic and social value of data, fostering innovation and sustainable development, promoting equity, supporting public policy objectives (such as health outcomes or environmental protection) or strengthening digital participation and self-determination. These purposes are not exclusive. When combined, they allow for more responsible, useful, and legitimate data ecosystems.
2. How? (Principles)
Data governance principles need to be developed through a structured process that starts with defining objectives and scope. These principles must:
- Incorporate human rights frameworks and basic principles such as transparency, accountability, proportionality, equity, participation, legality, security, privacy, quality, etc.
- Anchor themselves in international standards linked to interoperability, AI ethics or data protection.
- Take into account the cultural context and local social values by engaging diverse actors and testing based on concrete scenarios.
- Be reviewed and updated on an ongoing basis to maintain relevance to legal and technological changes.
3. Who? (People)
Creating effective data governance frameworks requires involving multiple actors through collaborative processes that ensure inclusion, transparency, and consistency with legal and ethical standards. This block entails identifying key stakeholders, their roles and responsibilities, and establishing effective coordination and accountability mechanisms. To this end, it is recommended to:
- Develop workshops, consultations, and feedback mechanisms for governments, businesses, civil society, and technical experts to contribute to defining principles and responsibilities.
- Implement tools such as stakeholder mapping, policy review, and comparison with global frameworks, including human rights, data provenance standards, or ethical AI guidelines.
- Conduct scenario-based testing to identify gaps and strengthen the resilience of governance frameworks.
- Develop data governance capabilities by combining continuous training, clear structures, and management tools.
- Design transparent accountability structures and oversight mechanisms to ensure compliance.
- Implement contractual agreements, institutional policies, governance-by-design approaches, and security measures, such as encryption or access controls.
It is important to consider models such as RACI. Likewise, maturity assessments and audits help to review and improve practices.
4. What? (Practices)
Before addressing this section, it is necessary to understand what the data life cycle consists of. The data life cycle describes the different stages through which information passes, from when its need is conceived until it is used to generate knowledge or support decisions. While there are multiple frameworks and each may use slightly different terminologies, most agree on six fundamental phases: planning, collection, processing, sharing, analysis, and use.

Figure 2. Data lifecycle. Source: Data Governance Toolkit: Navigating Data in the digital era, Broadband Commission (2025).
These phases consist of:
1. Planning. This phase defines the data needs, intended uses, and governance requirements that will be implemented subsequently. This is the time to clarify the purpose, scope and feasibility, identify risks, establish quality criteria and determine who will be responsible for each decision. Poor planning, for example an ambiguous purpose, can compromise the entire subsequent cycle.
2. Collection. It consists of obtaining data through surveys, sensors, transactions, administrative records or other mechanisms. Here we decide what data is really necessary, how it is obtained in an equitable and ethical way, and how to ensure that its capture respects principles such as privacy or minimization. A disorderly or excessive collection phase can lead to unnecessary risks and costs.
3. Processing. It includes all tasks of cleaning, validating, organizing, storing, and preserving data. It also covers disposal of data when it is no longer needed. The processing phase is critical to ensure the quality, traceability and proper handling of information. Poor processing can introduce bias, errors, or integrity losses that will affect subsequent analysis.
4. Sharing. At this stage, the data is made available to third parties for reuse, either through platforms, APIs, sharing agreements or collaborative spaces. Governance determines who can access it, under what conditions, with what safeguards and with what control mechanisms. Well-designed sharing multiplies the value of the data; poorly managed sharing can lead to security risks or misuse.
5. Analysis. Here the data is interpreted to generate knowledge, through statistics, visualizations, models or advanced techniques such as artificial intelligence. Governance influences how methods are documented, how biases are managed, and how reproducibility is ensured. An analysis without controls can lead to erroneous or discriminatory conclusions.
6. Use. Finally, the results of the analysis are applied to inform decisions, design policies, improve services or create products. This phase must be aligned with the purpose defined at the beginning and with the established ethical and legal principles. Improper use can lead to negative impacts, even if the previous phases were performed correctly.
In each of these stages, key decisions are made: who accesses the data, how its quality is guaranteed, what safeguards are applied, how the processes are documented, or what oversight mechanisms are in place. These decisions are not independent: they accumulate and condition what is possible in the later phases.
Applying data governance principles and decisions throughout the entire data lifecycle requires integrating them into processes, tools, and compliance frameworks aligned with regulatory requirements. In addition, it is necessary to adapt to the needs of each sector, relying on global or jurisdictional standards. Some aspects to consider are:
- Define legal roles and requirements from planning.
- Use frameworks such as DAMA-DMBOK or exchange agreements, relying on metadata, traceability and interoperability standards to ensure transparency and responsible use.
- Rely on legal agreements, regulatory cooperation, and privacy-enhancing technologies to ensure proper data flows.
- Ensure the safe and responsible use of artificial intelligence through reliable, well-documented data managed with transparency and oversight.
- Measure the success of the initiative by assessing compliance, quality, safety, and maturity.
The Broadband Commission's guide includes a self-assessment mechanism with a variety of checklists. The aim is for governments, public institutions and organisations to be able to know the current state of their data governance systems and identify opportunities for improvement. These lists cover both the activities of the other blocks and the recommended processes in each phase of the data lifecycle.
Other Frameworks to Consider
The Broadband Commission is not the only organization that has developed a framework. The following table lists other initiatives that may also be of interest.
| Toolkit | Author | Audience |
|---|---|---|
| Data Governance Toolkit | New South Wales State Government (Australia) | Public sector |
| Data Innovation Toolkit | European Commission Digital Innovation Lab | Public sector |
| OECD Data Governance | Organization for Economic Co-operation and Development (OECD) | Public sector |
| Data to Policy Navigator | GIZ Data4Policy Initiative and the Digital Office of the United Nations Development Programme (UNDP) | Public sector |
| Data Policy Framework | African Union (AU) | Public sector |
| Data Management Framework | Association of Southeast Asian Nations (ASEAN) | Public sector |
| Navigating Data Governance | International Telecommunication Union (ITU) | Regulators |
| The Data PlayBook | International Federation of Red Cross and Red Crescent Societies (IFRC) and Solferino Academy | Humanitarian sector |
| Data Responsibility Journey | The GovLab | Public and private sector |
| Data Governance and Management Toolkit | Members of the SGIG DSC Members | Indigenous governments |
Figure 3. Mapping toolsets for data governance. Source: Data Governance Toolkit: Navigating Data in the digital era, Broadband Commission (2025).
All frameworks agree on one aspect: the key to data governance is to combine a clear purpose, strong principles, mechanisms for participation and legitimacy, and processes applicable to the entire data lifecycle.
In Spain, we have the UNE series of standards on data governance, management, and quality (0077, 0078, 0079, 0080, and 0085), which are designed to be applied together and provide a solid framework to promote the adoption of sustainable and effective data practices.
At a time when data drives everything from AI to digital public services, moving towards responsible governance is an opportunity to strengthen trust, empower innovation, and ensure that the benefits of data are distributed equitably. That's why it's important for all organizations to implement a clear framework that ensures robust data governance.