Guidelines on the Corporate Governance of Data

  • Prof. Dr. Michael Hilb

    Präsident, Board Foundation

  • Prof. Dr. Michael Hilb

    Präsident, Board Foundation


The GNDI Guidelines on the Corporate Governance of Data, or national guidelines issued by the respective GNDI member based on them, provide the Board of Directors (BoD) with guidance as how to

  • balance safeguarding legal and ethical data compliance while capturing competitive opportunities from data (i.e. strategic, operational, commercial, social, etc.)
  • improve governance effectiveness and efficiency by making use of data-driven governance approaches


The guidelines cover all data-related strategic, commercial, and operational activities of the company, in particular related to data, datafication and data-driven governance as well as operating and business model as defined in the Glossary.


The development and application of the guidelines follow a set of principles:

  • The guidelines are developed in a collaborative effort involving national GNDI member organizations to ensure adequate incorporation of different national requirements
  • Given the ongoing development of data-driven technologies, the guidelines will be reviewed and updated in a timely manner by the GNDI policy committee

Core Principles

Part I: Providing Strategic Direction for Data Governance

Data strategy: In line with the roles and responsibilities defined, the BoD leads and supports the management in developing a comprehensive

  • data business strategy and
  • data resilience strategy (incl. compliance, risk, and crisis approach)

that define the company’s approach to

  • data asset management (incl. valuation and intellectual property (IP) approach)
  • data technology management
  • data partnership management

based on the following data principles:

  • data safety and security
  • data value and veracity
  • data usability and compatibility
  • data integrity and sustainability

The strategies, policies, and tools proposed must be fit for the organization and shall take into account the organization’s and other stakeholders’ interests

For that purpose, the BoD may consider tasking an existing committee with data-related direction and control, set up a dedicated committee, initiate an advisory board, or, in the case of SMEs, appoint a member of the BoD with experience and successful track record in the field of data governance to ensure sufficient attention and expertise. The dedicated person or committee shall work closely with relevant subject matter experts and the management team

Data strategy integration: The BoD ensures that relevant data considerations are fully integrated into other strategies, in particular into the

  • Market-oriented strategies: e.g. marketing & sales, research & development
  • Operations-oriented strategies: e.g. manufacturing, procurement, logistics
  • Resource-oriented strategies: e.g. finance, HR, technology/IT, legal
  • Ecosystem-oriented strategies: e.g. partnerships, alliances, M&A

Part II: Providing Oversight of Data Governance

Data strategy execution: The BoD ensures that the data strategy is developed and implemented by the senior management as per plan and target by monitoring its implementation progress and measuring its impact, including benchmarking performance with that of comparable organizations

Legal data compliance: The BoD ensures that the company is fully compliant with all data regulations applicable where ever the company operates and data is stored (e.g. in cloud computing) and has the respective corporate policies and corresponding training programs in place, in particular related to relevant

  • data protection laws, industry standards, and recommendations
  • privacy laws, industry standards, and recommendations
  • cyber security laws, industry standards, and recommendations
  • intellectual property laws, industry standards, and recommendations

Ethical data compliance: The BoD ensures ethical compliance and understanding of the societal implications of its data-related business practices, in particular related to

  • data-driven technologies, such as artificial intelligence
  • data handling, such as data storage, leakage, veracity, or sharing
  • data use, such as in research, sales and marketing, and human resource management

Data reporting: The BoD understands the value of intangible data assets as well as possible risks and liabilities from the use of data and ensures meaningful reporting in line with respective accounting rules and reporting standards

Part III: Promoting the Culture for Data Governance

Data-driven governance: The BoD promotes the concept of data-driven governance by utilizing data technologies to improve transparency, effectiveness, and efficiency of board decisions in a responsible manner

Data awareness, mindset, and capability building: The BoD ensures that the organization develops awareness for data-related matters, a mindset for data-driven decision-making and data handling capabilities across all levels of the organization by ensuring adequate representation of experts in the relevant bodies, incorporation of data-related capabilities in competence framework and provision of training and development programs in particular in

  • data methodologies
  • data technologies
  • data resilience management (incl. compliance and risk management)
  • data ethics

Part IV: Adapting Data Governance to the Context

Contextual adaptation: The BoD ensures that corporate data governance policies are adapted to local requirements and sectoral contexts (if the company operates in multiple markets and industries)

Regular updates: The BoD ensures that data governance policies are regularly reviewed and adapted to take into account the latest technological, competitive, and regulatory developments


The GNDI Guidelines on Corporate Governance of Data approved by the GNDI Executive Committee are effective November 1, 2018. The latest version can be found at The guidelines provide a global cross-sectoral perspective and serve as a basis for adaptation based on industry, organization type, and jurisdiction

Appendix I: Glossary

Artificial intelligence: The simulation of human intelligence processes by machines, especially computer systems. These processes include learning, reasoning, and speech and image recognition.

Board of Directors (BoD): The BoD is a group of individuals, appointed or/and elected by shareholders and mandated to direct and control the company, establish policies for corporate management, oversee the executive management, and to make decisions on major company issues.

Data: The representation of facts, such as text, numbers, graphics, images, sound, or video.

Data-driven business model: Commercialization of data-driven offerings.

Data-driven governance: Usage of data and analytics/artificial intelligence to improve the effectiveness and efficiency of corporate governance.

Data-driven operating model: Usage of data to improve, run and safeguard operations.

Datafication: Process of moving from a product- and process-oriented to a data-driven business approach.

Digital transformation: The pro-active change of business and organizational activities, processes, competencies and models fully leveraging the changes and opportunities of relevant digital technologies.

Digitalization: Process of moving from an analog to a digital business approach.

Intellectual property (IP): IP refers to the protection of creations of the mind, including brand names, inventions, designs, or software.

Machine learning: Machine learning is a subset of artificial intelligence that often uses statistical techniques to give computers the ability to learn with data, without being explicitly programmed.

Appendix II: Practical Guide

How to get data governance on your BoD’s agenda?

  1. Create awareness for the governance of data and establish shared language between BoD and top management
  2. Identify and discuss key data topics relevant to your company in a joint effort by the BoD and top management
  3. Identify the need to adjust or introduce new data-related corporate policies
  4. Ask top management to come up with a datafication roadmap
  5. Discuss and approve datafication roadmap
  6. Task top management to implement datafication roadmap, monitor its implementation and provide regular updates
  7. Assess progress and need for adjustments to datafication roadmap on a regular basis

Weitere Insights zu diesem Thema

  • Board News

    Das Swiss Institute of Directors geht Partnerschaft mit dem Chartered Governance Institute ein

  • Board Views

    Von der Corporate Governance der Nachhaltigkeit zur nachhaltigen Corporate Governance

    Wie lässt sich Nachhaltigkeit am besten in die Corporate Governance integrieren? Die Verwaltungsräte haben sich für zwei unterschiedliche Wege entschieden: den funktionalen Weg, der sich auf die Corporate Governance der Nachhaltigkeit konzentriert, und den grundlegenden Ansatz, der zu einer nachhaltigen Corpororate Governance führt. In diesem Artikel werden die Vorzüge und Grenzen beider Ansätze bewertet und ein Übergang zu einer nachhaltigen Governance gefordert. Dies setzt voraus, dass die Mitglieder des Verwaltungsrats sich regelmässig mit den Interessengruppen austauschen und die zugrunde liegenden Annahmen kontinuierlich diskutieren, um den Governance-Rahmen bei Bedarf weiterzuentwickeln.

  • Board Views

    Streben nach Excellenz in der Corporate Governance

    Der Beitrag des Venture-Boards zur unternehmerischen Wertschöpfung und seine zentrale Rolle in Venture-Ökosystemen wird trotz der langen Geschichte der Venture-Governance häufig übersehen. Die Geschichte lehrt uns sechs Grundsätze für eine hervorragende Unternehmensführung.

  • Board Views

    Von der Corporate zur Ecosystem Governance?

    Die Beherrschung von Ökosystemen wird zunehmend als Schlüssel zur strategischen Wertschöpfung in einem hochdynamischen Umfeld angesehen. Die Rolle der Governance ist zu einem wichtigen Unterscheidungsmerkmal zwischen Organisationen geworden, die im Ökosystemspiel gewinnen oder verlieren. In diesem Artikel wird die Bedeutung der Governance für die erfolgreiche Schaffung, Entwicklung und das Wachstum von Ökosystemen erörtert und es werden acht Herausforderungen vorgestellt, die im Laufe des Lebenszyklus von Ökosystemen zu bewältigen sind. Er fährt mit einer Taxonomie der Ökosystem-Governance fort, die eine Auswahl an effektiven Governance-Mechanismen zur Bewältigung dieser Herausforderungen bietet. Der Artikel schliesst mit Ratschlägen, wie der Übergang von der Corporate Governance zur Ökosystem-Governance am besten bewältigt werden kann.

  • Board Views

    Auftrag erfüllt? Der Stand der digitalen Governance

    Vor fünf Jahren lud ich eine Reihe von Vordenkern ein, mit mir über die Rolle des Verwaltungsrats angesichts der Digitalisierung nachzudenken. Das Ergebnis ist eine Sammlung von zwölf Perspektiven zur Governance der Digitalisierung (Hilb 2017). Wo stehen wir jetzt, fünf Jahre, eine Pandemie und gefühlte Tausende von Artikeln über digitale Governance später?

  • Board Guides

    Guidelines on the Corporate Governance of Cybersecurity

  • Board Guides

    Guidelines on the Corporate Governance of Startups

  • Board Guides

    Guidelines on the Corporate Governance of Business Excellence

  • Board Books

    Governance von Ökosystemen

  • Board Books

    Governace of Ventures

  • Board Books

    Steuerung der Digitalisierung

  • Board Books

    Strategische Führung auf VR und GL-Ebene in KMU