Data Governance in action: the Chief Data Officer, the Chief Information Security Officer and the Perks of collaboration

In today’s business landscape, it’s undeniable that data has become a valuable asset. And as with any prized possession—be it your car, your house, or your book collection—you don’t want it to be stolen, misused or tampered with. Hence, you protect it at all costs. In the specific case of data, you also want it to be on the executive management’s mind and have a prominent place on the board’s agenda.  

In this regard, the Chief Data Officer (CDO) and the Chief Information Security Officer (CISO) have crucial roles to play. They have distinguished functions though: while the CISO focuses on data protection to mitigate cyber threats, the CDO ensures its proper structuring and governance. 

When they work together though, their mission expands. You can picture them as architects designing a solid foundation—data governance—to ensure that data is well-managed, protected and aligned with an organisation’s goals. (We will come back to this analogy later.)  

In this blog, we explore in detail how important the collaboration between the two roles is and the need for independent reporting structures, while emphasising the value of data as a strategic asset. But first, let’s examine why you should have a robust data governance framework in place. 

Don’t have time to read the whole blog entry? Then watch our “Blog in 1 minute” video for a quick summary of its main points

The multi-faceted benefits of strong data governance 

 We would like to highlight three significant benefits organisations can’t afford to overlook 

  1. Ensuring regulatory compliance: A well-established data governance programme helps your organisation define clear data governance policies, implement data protection measures, and streamline data management practices, which enable organisations to comply with a range of regulations.


    For instance, under the General Data Protection Regulation (GDPR), organisations need to protect European Union citizens’ personal data and adhere to data subject rights. Similarly, in the financial sector, regulations such as the Markets in Financial Instruments Directive 2014 (MiFID II) and the Capital Requirements Regulation 2013 (CRD IV) require accurate data recording, reporting and risk management, which are all dependent on effective data governance.

    By adopting this proactive approach, you minimise potential penalties and legal risks associated with data mishandling and ensure you are compliant with various supervisory authorities’ data regulations.

  2. Driving business productivity and innovation: If you want to make informed business decisions and drive operational efficiency—which we think you do—then it’s paramount that your data is reliable and trustworthy. Effective data governance practices ensure exactly that: data accuracy, consistency and accessibility. This, in turn, empowers teams in your organisation to collaborate, share insights and innovate. 

    Moreover, data governance serves as a prerequisite for capitalising on artificial intelligence (AI) technologies, automating processes, enhancing customer experiences and gaining a competitive edge.

    When you establish a strong data governance, you enable your organisation to harness its data’s full potential to drive productivity and innovation while ensuring compliance with the supervisory authorities’ data regulations.

  3. Protecting and securing valuable data: Last but not least, it’s becoming an imperative for organisations to allocate appropriate efforts and resources based on data sensitivity, particularly given the increase in cyberattacks and data leaks (intentional and unintentional). 

    A robust data governance framework allows you to better protect and secure your data by incorporating comprehensive security measures to safeguard data from unauthorised access, breaches and cyber threats, especially for sensitive information such as personally identifiable information (PII), trade secrets or financial data. 

    Moreover, you want to implement strong authentication methods, robust encryption techniques, and access controls. These provide an additional layer of security for such sensitive data, while regular security audits, proactive threat intelligence and ongoing monitoring will further fortify your security posture.  

To sum up, by gaining a deep understanding of the sensitivity and criticality of distinct types of data, you can prioritise your organisation’s security efforts accordingly. 

The CDO and the CISO: A harmonious collaboration 

Another key step is to recognise the importance of data security in proportion to its sensitivity. This enables organisations to strike a balance between protection and usability. More precisely, by applying the appropriate security measures, you are safeguarding the data’s confidentiality, integrity, and availability, but also preserving its usefulness and accuracy for business decision-making processes.  

Additionally, when you tailor your security efforts to the information’s sensitivity level, your organisation can mitigate risks more effectively, maintain stakeholder trust and comply with industry regulations. 

This approach also allows you to allocate resources more efficiently, which ensures that the most critical data receives the highest level of protection while optimising operational efficiency and reducing unnecessary costs. 

In this grand performance called data governance, the CDO and CISO are the star performers. Their collaboration brings forth three main benefits: 

  1. Comprehensive data protection and risk mitigation: Together, CDO and CISO harmonise data governance practices with robust cybersecurity measures. Doing so provides a comprehensive defence against data-related risks. In sum, they are the vigilant guardians, identifying and pre-emptively addressing potential threats.


  2. Effective alignment of compliance and governance: The CDO’s focus on structuring data and governance policies seamlessly complements the CISO’s security controls and risk mitigation strategies. Together, they ensure compliance with regulatory requirementssuch as GDPR, CRD IV, MiFID II, AI Act (not yet in force), among othersthrough their collaborative insights and initiatives.


  3. Building a strong data governance foundation: Consider data governance as the blueprint for a sturdy building (we said we would come back to the analogy, and we keep our promises). As mentioned before, the CDO and the CISO, just like architects, use their expertise to create a structure that ensures your data is properly handled and safe, and withstands the test of time.
Why independent reporting matters 

Maintaining independent reporting structures for the CDO and CISO, separate from the Chief Information Officer (CIO), is crucial. That’s because when they report directly to the executive leadership or the CEO, they can provide independent updates on data governance and cybersecurity, ensuring clarity and objectivity in decision-making for critical data-related matters.  

Due to this arrangement, senior management will have a holistic view of risk management, compliance, and strategic decision-making, without any biases that may arise from reporting to the CIO. 

Biases, in this context, can manifest in several ways. For example, a CIO might prioritise IT initiatives that align with the department’s goals or budget constraints, potentially overlooking or downplaying certain data governance or security concerns.  

Hence, this hierarchical reporting structure, with the CIO in the middle, can unintentionally filter or influence the information that reaches senior management, which could impact their ability to make well-informed, impartial decisions. 

By removing this potential filter and having the CDO and CISO report directly to senior leadership, you ensure that all pertinent information, including any concerns or risks, is conveyed accurately. 


Collaboration between the CDO and CISO is akin to a well-practiced duet in the realm of data governance. Their collective efforts ensure comprehensive data protection, risk mitigation, regulatory compliance, and the harmonious alignment of data governance frameworks.  

Moreover, when organisations maintain independent reporting structures, they gain a clear view of what’s happening, equipping them to successfully navigate today’s dynamic business landscape and be better prepared for the future.  

Recognising the immense value of this collaboration empowers your organisation to unleash the full potential of your data as a critical strategic asset and propels you towards sustained success. 

Find out more on our Technology Services page.

What we think
Maxime Hoscheck

In the digital age, data is not just a resource; it’s an organisation’s most precious asset. Embrace collaboration, foster transparency, and cherish the value of data. With strong data governance, you pave the way for a brighter, more secure, and innovative future.

Maxime Hoscheck, Senior Manager, Data Governance, at PwC Luxembourg 

Today we live in a world of data, where the partnership between a Chief Data Officer and a Chief Information Security Officer forms the backbone of a secure and innovative environment. Together, they fortify data-driven innovation, paving the way for trust and success to thrive.

Simon Petitjean, Cybersecurity Director, at PwC Luxembourg
Simon Petitjean

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to Top