Guidelines on the Corporate Governance of Data

  • Prof. Dr. Michael Hilb

    Chair, Board Foundation

  • Prof. Dr. Michael Hilb

    Chair, Board Foundation


The GNDI Guidelines on the Corporate Governance of Data, or national guidelines issued by the respective GNDI member based on them, provide the Board of Directors (BoD) with guidance as how to

  • balance safeguarding legal and ethical data compliance while capturing competitive opportunities from data (i.e. strategic, operational, commercial, social, etc.)
  • improve governance effectiveness and efficiency by making use of data-driven governance approaches


The guidelines cover all data-related strategic, commercial, and operational activities of the company, in particular related to data, datafication and data-driven governance as well as operating and business model as defined in the Glossary.


The development and application of the guidelines follow a set of principles:

  • The guidelines are developed in a collaborative effort involving national GNDI member organizations to ensure adequate incorporation of different national requirements
  • Given the ongoing development of data-driven technologies, the guidelines will be reviewed and updated in a timely manner by the GNDI policy committee

Core Principles

Part I: Providing Strategic Direction for Data Governance

Data strategy: In line with the roles and responsibilities defined, the BoD leads and supports the management in developing a comprehensive

  • data business strategy and
  • data resilience strategy (incl. compliance, risk, and crisis approach)

that define the company’s approach to

  • data asset management (incl. valuation and intellectual property (IP) approach)
  • data technology management
  • data partnership management

based on the following data principles:

  • data safety and security
  • data value and veracity
  • data usability and compatibility
  • data integrity and sustainability

The strategies, policies, and tools proposed must be fit for the organization and shall take into account the organization’s and other stakeholders’ interests

For that purpose, the BoD may consider tasking an existing committee with data-related direction and control, set up a dedicated committee, initiate an advisory board, or, in the case of SMEs, appoint a member of the BoD with experience and successful track record in the field of data governance to ensure sufficient attention and expertise. The dedicated person or committee shall work closely with relevant subject matter experts and the management team

Data strategy integration: The BoD ensures that relevant data considerations are fully integrated into other strategies, in particular into the

  • Market-oriented strategies: e.g. marketing & sales, research & development
  • Operations-oriented strategies: e.g. manufacturing, procurement, logistics
  • Resource-oriented strategies: e.g. finance, HR, technology/IT, legal
  • Ecosystem-oriented strategies: e.g. partnerships, alliances, M&A

Part II: Providing Oversight of Data Governance

Data strategy execution: The BoD ensures that the data strategy is developed and implemented by the senior management as per plan and target by monitoring its implementation progress and measuring its impact, including benchmarking performance with that of comparable organizations

Legal data compliance: The BoD ensures that the company is fully compliant with all data regulations applicable where ever the company operates and data is stored (e.g. in cloud computing) and has the respective corporate policies and corresponding training programs in place, in particular related to relevant

  • data protection laws, industry standards, and recommendations
  • privacy laws, industry standards, and recommendations
  • cyber security laws, industry standards, and recommendations
  • intellectual property laws, industry standards, and recommendations

Ethical data compliance: The BoD ensures ethical compliance and understanding of the societal implications of its data-related business practices, in particular related to

  • data-driven technologies, such as artificial intelligence
  • data handling, such as data storage, leakage, veracity, or sharing
  • data use, such as in research, sales and marketing, and human resource management

Data reporting: The BoD understands the value of intangible data assets as well as possible risks and liabilities from the use of data and ensures meaningful reporting in line with respective accounting rules and reporting standards

Part III: Promoting the Culture for Data Governance

Data-driven governance: The BoD promotes the concept of data-driven governance by utilizing data technologies to improve transparency, effectiveness, and efficiency of board decisions in a responsible manner

Data awareness, mindset, and capability building: The BoD ensures that the organization develops awareness for data-related matters, a mindset for data-driven decision-making and data handling capabilities across all levels of the organization by ensuring adequate representation of experts in the relevant bodies, incorporation of data-related capabilities in competence framework and provision of training and development programs in particular in

  • data methodologies
  • data technologies
  • data resilience management (incl. compliance and risk management)
  • data ethics

Part IV: Adapting Data Governance to the Context

Contextual adaptation: The BoD ensures that corporate data governance policies are adapted to local requirements and sectoral contexts (if the company operates in multiple markets and industries)

Regular updates: The BoD ensures that data governance policies are regularly reviewed and adapted to take into account the latest technological, competitive, and regulatory developments


The GNDI Guidelines on Corporate Governance of Data approved by the GNDI Executive Committee are effective November 1, 2018. The latest version can be found at The guidelines provide a global cross-sectoral perspective and serve as a basis for adaptation based on industry, organization type, and jurisdiction

Appendix I: Glossary

Artificial intelligence: The simulation of human intelligence processes by machines, especially computer systems. These processes include learning, reasoning, and speech and image recognition.

Board of Directors (BoD): The BoD is a group of individuals, appointed or/and elected by shareholders and mandated to direct and control the company, establish policies for corporate management, oversee the executive management, and to make decisions on major company issues.

Data: The representation of facts, such as text, numbers, graphics, images, sound, or video.

Data-driven business model: Commercialization of data-driven offerings.

Data-driven governance: Usage of data and analytics/artificial intelligence to improve the effectiveness and efficiency of corporate governance.

Data-driven operating model: Usage of data to improve, run and safeguard operations.

Datafication: Process of moving from a product- and process-oriented to a data-driven business approach.

Digital transformation: The pro-active change of business and organizational activities, processes, competencies and models fully leveraging the changes and opportunities of relevant digital technologies.

Digitalization: Process of moving from an analog to a digital business approach.

Intellectual property (IP): IP refers to the protection of creations of the mind, including brand names, inventions, designs, or software.

Machine learning: Machine learning is a subset of artificial intelligence that often uses statistical techniques to give computers the ability to learn with data, without being explicitly programmed.

Appendix II: Practical Guide

How to get data governance on your BoD’s agenda?

  1. Create awareness for the governance of data and establish shared language between BoD and top management
  2. Identify and discuss key data topics relevant to your company in a joint effort by the BoD and top management
  3. Identify the need to adjust or introduce new data-related corporate policies
  4. Ask top management to come up with a datafication roadmap
  5. Discuss and approve datafication roadmap
  6. Task top management to implement datafication roadmap, monitor its implementation and provide regular updates
  7. Assess progress and need for adjustments to datafication roadmap on a regular basis

Other Insights from this theme

  • Board News

    The Swiss Institute of Directors Partners with the Chartered Governance Institute

  • Board Views

    From Corporate Governance of Sustainability to Sustainable Corporate Governance

    What is the best way to integrate sustainability into the corporate governance framework? Boards of directors have chosen two distinct paths: the functional way, which focuses on corporate governance of sustainability, and the foundational approach, which leads to sustainable corporate governance. This article assesses the merits and limitations of both approaches and calls for a transition to sustainable governance. This requires board members to engage regularly with stakeholders and to continuously debate the underlying assumptions to further develop the governance framework as required.

  • Board Views

    Striving for Excellence in Venture Governance

    The contribution of the venture board to entrepreneurial value creation, and its pivotal role in venture ecosystems, is often overlooked despite a long history of venture governance. History teaches us six principles of excellence in venture governance.

  • Board Views

    From Corporate to Ecosystem Governance

    Mastering ecosystems is increasingly seen as key to strategic value creation in highly dynamic environments. The role of governance has become a key differentiator between organizations that win or lose from the ecosystem game. This article discusses the importance of governance to the successful creation, development, and growth of ecosystems and presents eight challenges to be addressed along the ecosystem lifecycle. It continues with a taxonomy of ecosystem governance that provides a menu of effective governance mechanisms to address these challenges. The article concludes with advice on how best to manage the transition from a corporate governance to an ecosystem governance focus.

  • Board Views

    Mission Accomplished? The State of Digital Governance

    Five years ago, I invited a number of thought leaders to reflect with me on the role of the board of directors in the face of digitalization. The result was a collection of twelve perspectives on the governance of digitalization (Hilb 2017). Where are we now, five years, one pandemic, and perceived thousands of articles on digital governance later?

  • Board Guides

    Guidelines on the Corporate Governance of Cybersecurity

  • Board Guides

    Guidelines on the Corporate Governance of Startups

  • Board Guides

    Guidelines on the Corporate Governance of Business Excellence

  • Board Books

    Governance of Ecosystems

  • Board Books

    Governace of Ventures

  • Board Books

    Governance of Digitalization

  • Board Books

    Strategische Führung auf VR und GL-Ebene in KMU