The DGOM turns our policies and frameworks into structures, roles and processes: who is accountable for data, how decisions are made, and how issues get fixed. Federated by design — the business owns its data; the Data Governance Office provides the standards, tooling and coordination.
Steering Committee strategy, funding, appointments — quarterly. Domain Councils definitions, CDEs, quality rules for their domain. DDRB design QA for data models. AI Governance Committee high-risk AI use cases. DGO runs it all day-to-day and escalates risk monthly to the MRF, quarterly to the ARC.
The DGOM exists to fix specific business problems: fragmented ownership, inconsistent definitions, data quality issues, uncontrolled data sharing and increasing regulatory risk. It translates our policies (Data Governance Framework, Privacy, Quality, Retention, Document Management) into structures people can actually use.
| Strategic driver | DGOM impact |
|---|---|
| A truly customer-first culture | Trusted customer data drives better decisions, personalised experiences and compliant use of data (POPIA). |
| Develop future-fit channels | Consistent, high-quality data across channels supports seamless digital and omnichannel experiences. |
| Enable precision retailing | Reliable, fit-for-purpose data powers analytics, AI and supply chain optimisation. |
| Leverage platform advantage | Data treated as a strategic asset improves reuse, reduces cost, increases efficiency. |
The model is federated: accountability sits with business domains, coordination and standards come from the centre. Structures stand up as Data Sponsors and Data SMEs are onboarded (Framework §7) — see the Roadmap for sequencing.
| Forum | Frequency | Key decision rights |
|---|---|---|
| Data Governance Steering Committee CAO chairs; Data Sponsors; Group Risk; GISO; IT Governance | Quarterly | Strategic alignment · capital for enterprise tooling · formalise Sponsor/SME appointments · budget & resourcing · resolve escalated deadlocks · prioritise data projects |
| Data Governance Councils (per domain) | Quarterly / as needed | Approve domain definitions & CDEs · DQ rules & remediation · domain access rules within Group policy · oversee privacy & retention adherence · escalate to Steerco |
| Data Focus Areas (Data SMEs) | Continuous | Execute the DQ lifecycle · propose rule amendments · recommend remediation · build the Glossary & Catalogue |
| Data Design Review Board | As needed | Approve/reject data & integration designs · verify metadata, lineage, quality and retention are embedded · flag design risks · aligns with the ARB |
| AI Governance Committee | As needed | Review/approve high-risk AI use cases · define ethical guidelines · enforce bias & model-risk mitigations · escalate material risks |
Every domain has a Data Sponsor — an executive accountable for its quality, definitions, access and lifecycle — supported by Data SMEs. Tap a domain for details. RED EDGE = heightened regulatory obligations. TEAL EDGE = added in V1.1.
| Role | What they do |
|---|---|
| Data Governance Office | Maintains the framework, policies, tooling, forums and KPIs; escalates risk (monthly MRF, quarterly ARC); supports every domain's rollout. |
| Enterprise / Solution Architect | Designs data and integration architecture aligned to governance, EA and security standards. |
| Security & Compliance | Sets and oversees security, privacy and regulatory controls; enforcement of access; breach handling. |
| Analytics / BI / AI Lead | Consumes governed data; flags gaps; supports ethical, compliant AI use. |
| HR / People | Embeds governance roles into job profiles, performance objectives and training. |
Issues come from profiling (logged in DQLabs) or day-to-day business use (logged via the SharePoint Form). Both consolidate into the DGO's central register — the single system of record. Fix at source, not downstream.
POPIA does not prohibit access to personal information; it requires safeguards. We apply layers cumulatively — like an onion around the data:
Who approves: Data Sponsors approve access to their domains — particularly restricted or sensitive data — with Security & Compliance providing risk oversight. External sharing requires contracts and secure channels. Classification lives in Erwin; enforcement (entitlements, masking, approvals) is executed by Security/IAM.
Per the Data Quality Policy §4 — the basis of every DQ rule, threshold and scorecard:
AccuracyCompletenessConsistencyValidity IntegrityUniquenessTimelinessTraceability
Sponsors and SMEs set thresholds per Critical Data Element; detailed rules live in the Data Quality Standards, not here — one source of truth.
PROPOSE any SME or business user, via the catalogue workflow → REVIEW domain SME checks accuracy & duplication → APPROVE Sponsor / Domain Council (Group-wide terms: Steerco) → PUBLISH with owner, definition, classification, effective date → REVIEW ANNUALLY or on process/system/regulatory change.
| Mechanism | What it means |
|---|---|
| DMOR retention rulings | Every migration object carries a signed-off ruling — period, trigger, residence, tier plan, disposal — delivered just-in-time per wave. Nothing migrates unconfirmed. |
| Design checkpoints | Solution designs pass the Data Design Review Board; S/4 design sessions reference catalogue definitions, so the build stands on governed terms. |
| Ownership recruitment | DMOR objects need a named Sponsor and SME before migration — the migration mandate is how the stewardship network gets built. |
| PI & POPIA | Profiling flags PI into the POPIA inventory; PI-bearing objects get event-based destruction triggers engineered into the S/4 build, not retrofitted. |
| No shadow copies | Snowflake and lake copies inherit retention as catalogue metadata. No downstream copy outlives its archived source. |
Targets are phased: FY27 targets track the wave-based rollout so the scorecard shows progress, not perpetual shortfall. End-state targets apply from FY28.
Assessed annually against DAMA-DMBOK. Baseline established 2024. Committed target: DAMA Level 3 (Defined) across all key operational domains by end FY28. Each annual assessment reports progress against both baseline and target.
The Framework is explicit: structures stand up as and when Sponsors and SMEs are onboarded. This is the transition path — commitment, not just vision.
Try one: