Data Protection: Has the role of a CXO Evolved?

Prasanjit Saha


 Multiple access channels, proliferation of devices and constantly connected customers have been leading the creation and consumption of data on an ongoing basis. Organizations have long realized the importance of data as a strategic asset in driving success. However, challenges still loom large when it comes to managing terabytes of data residing in different parts of the organization. Further, enterprises also need to be cognizant of the dangers that arise due to loss of data or more importantly due to data misuse in the wrong hands. 

The task of a CXO when it comes to data protection is imperative. Not only does he have to know where the data is present but he also needs to understand what it takes to safeguard the data and the cost of data loss. Gone are the days when data used to be freely accessible to multiple people in the organization. Now the CXO has to ensure that only the right people at the right level have access to the right data.

Why is data protection important?

The pace of change in the business environment has been nothing short of exponential. Rapidly changing technology landscape combined with socially and technologically savvy customer base, has been leading to an astronomic rise in meaningful data for making strategic business decisions. Organizations are going to extreme extents to collate data, analyze it to understand consumer behaviour and design their business decisions based on outcome provided by data analysis. This is further compounded by change in regulatory environments, blurring transaction lines across geographies and regulatory frameworks.

Data needs to be protected. Whether it is business data that houses information on consumer base and buying behaviour or regulatory data crucial to the working of organizations across geographies, loss of data can have far reaching implications. Some of these include loss in brand value and customer confidence, legal actions on account of regulatory data loss and increase in customer attrition due to data loss to a competitor. 

What should a CXO do to protect data?

Data protection is simply not a technology problem that can be solved by implementing a software platform. Many CXOs are impressed by the technology cloud and undertake data protection initiatives without understanding its true implication and objectives. They fail to understand that data protection goes beyond protecting data from misuse, to ensure the availability of accurate and business intensive information that can be used by the organization to take meaningful decisions. 

The primary step that a CXO should take is to understand the value of the data that is being protected. This is the most easily overlooked area. By associating a value to the data that is being protected, the CXO is able to convince and get the required buy-in for data protection measures from senior stakeholders in the organization. This buy-in will further drive the necessary investments as well as senior management focus.

The next step is to ensure that data protection and governance is an organization wide initiative and can’t operate in silos. The true ability of the CXO lies in his power to roll it enterprise wide and ensure that there are champions in each and every line of business to make it a success.

The third and critical step is to create an apt data governance strategy. Here again many organizations fail, putting a lot of emphasis on strategy and not really seeing it to execution. Along with strategy, a roadmap for execution with clearly articulated milestones and responsibilities is a must. On a periodic basis, checks and balances along with evaluation need to be carried out to ensure the effectiveness of the initiatives that are being undertaken.

The fourth step includes initiatives aimed at making data governance mechanisms up to date with the changes happening in the macroeconomic environment. Specifically taking an example of regulatory guidelines that change on a constant basis, if an organization is not harmonized with the existing legal and regulatory frameworks, it is susceptible to failure and might also end up facing risks to its reputation and revenue on account of penalties.

The final step is to keep an open mind when it comes to altering data protection frameworks. With the advent of newer technologies, sources of data have undergone a sea change and so has consumption of data. A CXO needs to ensure that the data governance framework that is being laid out is robust enough to counter the challenges posed by new age technologies like cloud, social and mobile. The technicalities involved in these are challenging and also evolving on a rapid basis. In such a situation, it is not only sufficient to have a governance mechanism in place that addresses these new age platforms but also changes itself over the course of time to address any ongoing developments that pose a challenge to data protection.


In the current macroeconomic environment with rapidly changing technology landscape, data protection strategies have moved from being ‘good to have’ to ‘must have’. Organizations are increasingly dependent on quality data to make intelligent business decisions. Data protection strategies, tools and frameworks are being increasingly sought after, however effective data protection strategy goes beyond these to encompass the right mix of culture, strategy and execution. It’s imperative for CXOs to take note of this change in data protection and governance for the betterment of the organization.