Data Governance
Most corporates’ data estate consists of 80% ‘dark’ data: unstructured, unknowable, ungovernable. In a world of ever greater data protections and regulatory controls, that’s a dangerous state of affairs.

CCL can take that data ‘into the light’: from governance strategy and data mapping to data remediation and asset registers we can help transform high risk into high value. And with that transformation, opportunities open up to do business better, working in a more informed and strategic way.

It’s a capability that is built on our years dedicated to data - knowing how to find it, order it, evaluate it, put it in context; and on a select team who have decades of aggregate experience advising general counsel (GCs) and the C suite on the asset potential of their data estate.

Data governance strategy

Our strategic services are designed to give you a clear road map on how to safely and successfully move from the dark to the light. Our style is very hands-on, with a pragmatic but programmatic approach that will answer key questions including:

  • Where does your data sit?
  • Is it protected properly?
  • How accessible is it?
  • For what purpose is it accessed and by whom?
  • Are there organisation-wide policies in place to control the data?
  • Are their departmental policies in place to protect specific data stores?

The critical output is a project plan, typically broken into manageable work packages, that sets out all necessary steps needed to embed data governance firmly within an organisation.

Data mapping

A detailed data mapping exercise is the first step on any data transformation journey. It deals directly with the issue facing GCs and executives of ‘not knowing what they don’t know’. Its purpose is to shine a precise light on volumes, types, and locations, plus accompanying cost, governance and security implications.

We can advise on, support or fully manage data mapping projects, to include:

  • Data scoping - usually a prioritised approach by depart mentor data type
  • Indexing - effectively classifying every item to allow reporting on data types, size, location
  • Identification of Personally Identifiable Information
  • Mapping review - working with data owners/stakeholders to plan next steps in light of risks, dependencies, target milestones
  • Remediation assessment - Preparing for the remediation phase by identifying what needs to happen to which datasets eg defensible deletion of Redundant, Obsolete and Trivial (ROT) data, retention for regulatory purposes, locking down of data that must never go outside of the organisation
  • Jurisdictional analysis - Factoring in any jurisdictional requirements into the above elements
Data remediation

Remediation is the final stop on the data mapping journey - it’s when data sets get culled, tidied, labeled, ordered and protected. It’s when risk gets turned into value. You can finally apply to data the correct governance structure, including ownership, accessibility rights and control policies.

CCL offers an end-to-end remediation service in which we will:

  • Undertake the removal of ROT data in a fully defensible way
  • Design, build and test of workflows for fast, accurate and secure ‘fine-tuning’ of data corpus eg labeling
  • Report regularly to maintain accountability and keep a check on the integrity of the data, the process and the project teams
Microsoft 365 migration

The emergence of Microsoft 365 as the corporate solution of choice is a potential game-changer for data governance. With content in the Microsoft Cloud and M365's built-in security and compliance features, organisations can more easily and cost effectively handle their data management and discovery requirements within the one platform, as well as drive down legacy storage costs.

However, migrating an existing data estate sprawled across myriad locations or hidden in discrete silos can be a highly complex, high risk program. CCL has an exceptional blend of data know-how and Microsoft 365 expertise to take you forward quickly, safely and defensibly, setting you up on data governance best practice principles.

The earlier we enter the process, the more value we can add, the better outcomes we can underwrite. That is why increasingly we are engaging on a more turnkey basis, with programs encompassing strategy, mapping, remediation ahead of final migration of all workloads.

Response readiness

However well structured their data, however well protected their systems, however well documented their processes, organisations understand that their working world can never be a zero-risk game.

External bad actors, internal threats, inadvertent mistakes, willful wrong-doing, long-term ignorance or short-term opportunism, there’s always that chance of a data breach, a dawn raid, an IP theft, a ransomware attack, or a similar highly prejudicial event.

CCL works with clients to prepare for such events, building a comprehensive response playbook encompassing:

  • Company and department protocols, 24hr and 48hr planning checklists, reporting and notification requirements
  • Communications, messaging, chains of command
  • Technical investigation procedures; roles and responsibilities
  • Supplier management and coordination
  • Staff training

Forget the familiar scrabble to put the right team in place and start firefighting, this is all about encouraging a rapid but coherent, measured response to mitigate risk, brand damage and the financial hit.


A natural by-product of our work across digital forensics, data analytics and data governance is our GDPR offering - consulting around PII and PCI compliance, audits and spot checks of current procedures, and the handling of Subject Access Requests (SARs).

The onus in the GDPR era has always been on minimising the amount of personal data held, and ensuring what data is held is fully understood - where it came from, how it was collected, where it is stored, how it is processed, how long it will be held for etc. That’s why our data mapping and data remediation services are central to the management effort.

But GDPR is just another data-driven compliance challenge. The rationale behind our broader data governance program is to give clients absolute confidence in their data, in all scenarios.

Clients that put their trust in us

We're here to help
Our experts are on hand to learn about your organisation and implement tailored solutions.
Get in touch