Guidelines on the Corporate Governance of Data

  • Prof. Dr. Michael Hilb

    Président, Board Foundation

  • Prof. Dr. Michael Hilb

    Président, Board Foundation


The GNDI Guidelines on the Corporate Governance of Data, or national guidelines issued by the respective GNDI member based on them, provide the Board of Directors (BoD) with guidance as how to

  • balance safeguarding legal and ethical data compliance while capturing competitive opportunities from data (i.e. strategic, operational, commercial, social, etc.)
  • improve governance effectiveness and efficiency by making use of data-driven governance approaches


The guidelines cover all data-related strategic, commercial, and operational activities of the company, in particular related to data, datafication and data-driven governance as well as operating and business model as defined in the Glossary.


The development and application of the guidelines follow a set of principles:

  • The guidelines are developed in a collaborative effort involving national GNDI member organizations to ensure adequate incorporation of different national requirements
  • Given the ongoing development of data-driven technologies, the guidelines will be reviewed and updated in a timely manner by the GNDI policy committee

Core Principles

Part I: Providing Strategic Direction for Data Governance

Data strategy: In line with the roles and responsibilities defined, the BoD leads and supports the management in developing a comprehensive

  • data business strategy and
  • data resilience strategy (incl. compliance, risk, and crisis approach)

that define the company’s approach to

  • data asset management (incl. valuation and intellectual property (IP) approach)
  • data technology management
  • data partnership management

based on the following data principles:

  • data safety and security
  • data value and veracity
  • data usability and compatibility
  • data integrity and sustainability

The strategies, policies, and tools proposed must be fit for the organization and shall take into account the organization’s and other stakeholders’ interests

For that purpose, the BoD may consider tasking an existing committee with data-related direction and control, set up a dedicated committee, initiate an advisory board, or, in the case of SMEs, appoint a member of the BoD with experience and successful track record in the field of data governance to ensure sufficient attention and expertise. The dedicated person or committee shall work closely with relevant subject matter experts and the management team

Data strategy integration: The BoD ensures that relevant data considerations are fully integrated into other strategies, in particular into the

  • Market-oriented strategies: e.g. marketing & sales, research & development
  • Operations-oriented strategies: e.g. manufacturing, procurement, logistics
  • Resource-oriented strategies: e.g. finance, HR, technology/IT, legal
  • Ecosystem-oriented strategies: e.g. partnerships, alliances, M&A

Part II: Providing Oversight of Data Governance

Data strategy execution: The BoD ensures that the data strategy is developed and implemented by the senior management as per plan and target by monitoring its implementation progress and measuring its impact, including benchmarking performance with that of comparable organizations

Legal data compliance: The BoD ensures that the company is fully compliant with all data regulations applicable where ever the company operates and data is stored (e.g. in cloud computing) and has the respective corporate policies and corresponding training programs in place, in particular related to relevant

  • data protection laws, industry standards, and recommendations
  • privacy laws, industry standards, and recommendations
  • cyber security laws, industry standards, and recommendations
  • intellectual property laws, industry standards, and recommendations

Ethical data compliance: The BoD ensures ethical compliance and understanding of the societal implications of its data-related business practices, in particular related to

  • data-driven technologies, such as artificial intelligence
  • data handling, such as data storage, leakage, veracity, or sharing
  • data use, such as in research, sales and marketing, and human resource management

Data reporting: The BoD understands the value of intangible data assets as well as possible risks and liabilities from the use of data and ensures meaningful reporting in line with respective accounting rules and reporting standards

Part III: Promoting the Culture for Data Governance

Data-driven governance: The BoD promotes the concept of data-driven governance by utilizing data technologies to improve transparency, effectiveness, and efficiency of board decisions in a responsible manner

Data awareness, mindset, and capability building: The BoD ensures that the organization develops awareness for data-related matters, a mindset for data-driven decision-making and data handling capabilities across all levels of the organization by ensuring adequate representation of experts in the relevant bodies, incorporation of data-related capabilities in competence framework and provision of training and development programs in particular in

  • data methodologies
  • data technologies
  • data resilience management (incl. compliance and risk management)
  • data ethics

Part IV: Adapting Data Governance to the Context

Contextual adaptation: The BoD ensures that corporate data governance policies are adapted to local requirements and sectoral contexts (if the company operates in multiple markets and industries)

Regular updates: The BoD ensures that data governance policies are regularly reviewed and adapted to take into account the latest technological, competitive, and regulatory developments


The GNDI Guidelines on Corporate Governance of Data approved by the GNDI Executive Committee are effective November 1, 2018. The latest version can be found at The guidelines provide a global cross-sectoral perspective and serve as a basis for adaptation based on industry, organization type, and jurisdiction

Appendix I: Glossary

Artificial intelligence: The simulation of human intelligence processes by machines, especially computer systems. These processes include learning, reasoning, and speech and image recognition.

Board of Directors (BoD): The BoD is a group of individuals, appointed or/and elected by shareholders and mandated to direct and control the company, establish policies for corporate management, oversee the executive management, and to make decisions on major company issues.

Data: The representation of facts, such as text, numbers, graphics, images, sound, or video.

Data-driven business model: Commercialization of data-driven offerings.

Data-driven governance: Usage of data and analytics/artificial intelligence to improve the effectiveness and efficiency of corporate governance.

Data-driven operating model: Usage of data to improve, run and safeguard operations.

Datafication: Process of moving from a product- and process-oriented to a data-driven business approach.

Digital transformation: The pro-active change of business and organizational activities, processes, competencies and models fully leveraging the changes and opportunities of relevant digital technologies.

Digitalization: Process of moving from an analog to a digital business approach.

Intellectual property (IP): IP refers to the protection of creations of the mind, including brand names, inventions, designs, or software.

Machine learning: Machine learning is a subset of artificial intelligence that often uses statistical techniques to give computers the ability to learn with data, without being explicitly programmed.

Appendix II: Practical Guide

How to get data governance on your BoD’s agenda?

  1. Create awareness for the governance of data and establish shared language between BoD and top management
  2. Identify and discuss key data topics relevant to your company in a joint effort by the BoD and top management
  3. Identify the need to adjust or introduce new data-related corporate policies
  4. Ask top management to come up with a datafication roadmap
  5. Discuss and approve datafication roadmap
  6. Task top management to implement datafication roadmap, monitor its implementation and provide regular updates
  7. Assess progress and need for adjustments to datafication roadmap on a regular basis

Autres Insights de ce thème

  • Board News

    Le Swiss Institute of Directors s’associe au Chartered Governance Institute

  • Board Views

    De la gouvernance d’entreprise de la durabilité à la gouvernance d’entreprise durable

    Quelle est la meilleure façon d'intégrer le développement durable dans le cadre de la gouvernance d'entreprise ? Les conseils d'administration ont choisi deux voies distinctes : la voie fonctionnelle, qui se concentre sur la gouvernance d'entreprise de la durabilité, et l'approche fondamentale, qui mène à la gouvernance d'entreprise durable. Cet article évalue les mérites et les limites de ces deux approches et appelle à une transition vers une gouvernance durable. Pour ce faire, les membres du conseil d'administration doivent s'engager régulièrement avec les parties prenantes et débattre en permanence des hypothèses sous-jacentes afin de poursuivre le développement du cadre de gouvernance, le cas échéant.

  • Board Views

    Viser l’excellence dans la gouvernance des entreprises

    La contribution du conseil d'administration du capital-risque à la création de valeur entrepreneuriale et son rôle central dans les écosystèmes de capital-risque sont souvent négligés malgré la longue histoire de la gouvernance du capital-risque. L'histoire nous enseigne six principes d'excellence en matière de gouvernance d'entreprise.

  • Board Views

    De la gouvernance des entreprises à la gouvernance des écosystèmes

    La maîtrise des écosystèmes est de plus en plus considérée comme la clé de la création de valeur stratégique dans des environnements très dynamiques. Le rôle de la gouvernance est devenu un facteur clé de différenciation entre les organisations qui gagnent ou perdent au jeu de l'écosystème. Cet article traite de l'importance de la gouvernance pour la création, le développement et la croissance réussis des écosystèmes et présente huit défis à relever tout au long du cycle de vie des écosystèmes. Il se poursuit par une taxonomie de la gouvernance des écosystèmes qui fournit un menu de mécanismes de gouvernance efficaces pour relever ces défis. L'article se termine par des conseils sur la meilleure façon de gérer la transition d'une gouvernance d'entreprise à une gouvernance d'écosystème.

  • Board Views

    Mission accomplie ? L’état de la gouvernance numérique

    Il y a cinq ans, j'ai invité plusieurs leaders d'opinion à réfléchir avec moi au rôle du Board Leaders face à la digitalisation. Le résultat est un recueil de douze perspectives sur la gouvernance de la numérisation (Hilb 2017). Où en sommes-nous aujourd'hui, cinq ans, une pandémie et des milliers d'articles sur la gouvernance numérique plus tard ?

  • Board Guides

    Guidelines on the Corporate Governance of Cybersecurity

  • Board Guides

    Guidelines on the Corporate Governance of Startups

  • Board Guides

    Guidelines on the Corporate Governance of Business Excellence

  • Board Books

    Governance of Ecosystems

  • Board Books

    Governace of Ventures

  • Board Books

    Governance of Digitalization

  • Board Books

    Strategische Führung auf VR und GL-Ebene in KMU