Tom Oliver Data Governance & Information Security
Open to opportunities
Hertfordshire, UK  ·  Remote or on-site
Assessment Report REF: DG-NOW-001  · 
For Immediate Attention
Subject

Data Governance — current posture,
persistent failures, and what to do about them

Assessment

Most governance programmes fail quietly. The policy gets written, someone files it, and eighteen months later it turns up in an audit with no owner, no evidence of enforcement, and three subsequent data migrations that nobody thought to mention. This is not a niche problem. Industry research consistently puts data ownership gaps and policy shelf-ware in the top handful of findings across sectors.

The tooling is rarely the issue. What organisations are usually short of is someone who has run infrastructure under pressure, argued a governance case to a room that does not want to hear it, and understands that a GDPR programme and a security posture are not two separate workstreams with a dotted line between them.

Thirty years of operational work across support, retail systems, fintech and large-scale data estates does not make someone a governance theorist. It makes them harder to surprise.

Governance Posture · Sector-wide patterns, 2024
Data Ownership Assignment Majority: unresolved
Policy Coverage & Active Enforcement Partial in most orgs
Data Classification Completeness Ongoing in most orgs
Regulatory Awareness (GDPR / UK GDPR) Generally present
Lineage & Provenance Documentation Minority: established
PII Exfiltration Risk Assessment Rarely completed
Tooling Investment Typically adequate

Patterns drawn from published research and sector surveys. Your mileage may vary. Probably not by much.

Specialisms
Data Governance Metadata management, data ownership, classification, retention, dictionary stewardship
Privacy & UK GDPR PII identification and protection, access governance, audit readiness, regulatory compliance
Information Security PCI-DSS, red/blue PII exfiltration testing, penetration test coordination, IAM reconciliation
Data Quality Identifying what's broken, finding out why, and making sure someone owns fixing it
Stakeholder Engagement Coaching engineers and analysts, senior stakeholder reporting, making governance legible to people who didn't ask for it
Operational Background 30 years across retail systems, banking infrastructure, digital asset management and large-scale data estates

If you are building a governance programme from scratch, picking up someone else's unfinished one, or trying to work out why the framework you already have is not actually working -- I am available, and I have done all three.

LinkedIn linkedin.com/in/tsoliver Email