CDO: do you need one?
As the role has evolved, generating much debate, is question now settled as to the necessity for this position? Alex Meehan asks the hard questions
17 February 2020 | 0
There was a time when the make-up of the so called ‘C-suite’ of executives was pretty much fixed but over time, a growing number of new roles have acquired the prestigious ‘chief’ prefix, and from a technology point of view one of the most interesting is chief data officer or CDO.
It is widely acknowledged that the first CDO was appointed by financial services company Capital One in 2002, so it is not a particularly new designation. At the beginning, there was much debate about whether any company needed a full time CDO but in the nearly two decades that have passed since, the role of data in business has only increased in importance.
However, at the same time that we have seen the rise of Big Data and data analytics driving enterprise decision making, the way in which data is created, collated, stored and interrogated has also changed enormously. So just what should the duties of a CDO be, should your organisation have one if it does not already and if it does, should it really be a C-suite role?
“A CDO is somebody who is good at translating people’s information requests and needs. It’s someone who is good at finding out what it is that you want and how to make that a definite thing, and not just make better decisions because, I mean, how are you ever going to prove you made better decisions, right?” said Debra Logan, vice president and distinguished analyst for Gartner.
“It’s someone who can dig into requests and understand what they’re about and come up with business-facing solutions. They should have a good understanding of analytical methods and they should also be able to talk to people. You’re looking for someone who can speak in a more precise and informed way about technology than the typical businessperson but make their thoughts understood to people who are less technical than them.”
“They’re not the typical IT guy who may actually have gotten into IT because they don’t really want to talk to anybody in the first place.”
On the subject of seniority, Logan said that the role needs to extend across the organisation but that does not necessarily mean it should be a C-suite role.
“It’s a good question. Most people agree it should be a C-suite role and in my mind the reason is because it needs to be cross-role. IT serves everybody in the organisation, and it needs to be cross-role because that’s the only way you get leverage. But does it need to be a C-Suite? I don’t really think so,” she said.
“Is it a role that isn’t necessary? Absolutely not. Data isn’t going anywhere, it’s here to stay. I think sometimes people confuse digital and data. For example, take digital transformation – what’s that? Digital transformation is a digitising processes, putting processes online, making them faster, making them safe straight through.
“Once you’ve done that, it’s done and over, but data goes on. I use the chief financial officer (CFO) analogy – just because you closed off the books for the year, paid your taxes and know how much money you have, doesn’t mean you’re finished. Money doesn’t work like that, and neither does data.”
By this logic, the role of working with and streamlining the use of data in the enterprise is an ongoing exercise. The CDO should be a permanent function that continuously evaluates, puts governance and other analytics in place and oversees ongoing education.
“A big part of the role as I see it, is teaching people in organisations how to really use data and to hypothesise and test rather than go, ‘here’s what I want to do, I’m going to go out and find the data that supports a conclusion I made up because it gets me my bonus or it gets me a promotion,’ or whatever have you, so yeah, it’s here to stay,” said Logan.
Bank of Ireland appointed Peter Dunne to the position of chief data officer in June 2018, making it relatively late to the game in this regard. However, Dunne says that the banking crises had put paid to the bank’s ambitions to create this role for some time before that.
“As an institution, Bank of Ireland came out of its crisis period and after we’d paid back the state investment with some interest, we were back to a place where it could be business as usual, where we could be a normal commercial organisation again,” he said.
“At that point, we were able to relook at the structures that were required for the bank going forward to make us a champion bank. And as we looked across what we were doing with data we realised there was a lot of data analytics activity going on.”
Up to this point, each section of the bank was operating as stand-alone internal organisations from a data point of view.
“Marketing was doing items with data. Risk was very advanced in terms of using modelling et cetera, for credit risk modelling. And we realised we needed to take a holistic approach to this and to look at it from a pan-organisation, enterprise level,” said Dunne.
This presented a challenge and in looking at how best to address it, Bank of Ireland looked at different organisational models.
“We asked if we should do a completely federated model, or a completely centralised model or a combination of the two. We looked at organisations around the world, both banking and non-banking, and we decided that what we call the ‘hub and spoke’ model was most fit-for-purpose for the bank,” he said.
“So, we would do the data engineering, infrastructure, architecture – the data management – centrally and we would do the analytics and the value on a hub and spoke model. To do this we worked really closely with our colleagues in fraud, risk and marketing.”
The end result is that the data department of Bank of Ireland aims to be the data provider for those internal organisations but at the same time it needs to lead the analytics activities.
“You need that business expertise and it’s quite a different thing to do a risk model for regulatory purposes as it is for a churn model or a customer fraud model, so there’s some very basic skills and we share all that and have the same ways of working but it’s very important to stay close to business as well in those areas,” said Dunne.
In terms of the nitty gritty, the data function in Bank of Ireland has four branches at the moment, each closely aligned to its core activities at the group’s data office.
“The first function we have is data infrastructure architecture engineering, putting the key components of our data infrastructure in place. This is about figuring out the patterns, looking at how we ingest data, how we gather it together for analytics and for other purposes,” said Dunne.
“The second piece is data management, what people would often call data governance. This is about making sure the data is of sufficient quality to meet all the standards, to curate it and so on. The third element is advanced analytics, in other words, looking at how do we use data in terms of very basic reporting but also in terms of the very most complex predictive analytics or prescriptive analytics and into cognitive.”
The fourth function is something that Dunne thinks is probably slightly unusual in that it is not replicated very widely, however, he is convinced it adds significant value.
“The fourth element is our data value team, which basically looks at how all our data activities add value. We ask how are we using this data for the customer’s benefit, for the bank’s benefit and so on, obviously with everybody’s permission. The question is how do we actually make Bank of Ireland a better place for our customers, our colleagues and our communities.”
These four elements work together in a particular way. The first three are relatively passive in terms of their outlook. They rely on data to come to the organisation while the fourth and last element is more active, going out and looking for use cases to push the organisation on. On the subject of whether having a CDO is necessary for all enterprises, Dunne is relaxed.
“I think it depends on the size of the organisation. Without a doubt you have to have someone who is responsible to the customer for data, but whether it’s a part-time role or a full-time role depends on the size of the organisation. Regardless, you should definitely have an advocate for the customer, for the consumer,” he said.
“Because the reality is that we’re all consumers and in my private, non-work related life, I’m very conscious of my personal data. We’re all familiar with instances where things have gone horribly wrong. Interestingly most of the cases that we see of things going wrong seem to happen with new tech companies as distinct from traditional companies like those in financial services and elsewhere.”
The overall goal of any CDO should be to help their organisation strive to be a better data-driven decision organisation.
“Bill Schmarzo who is a thought leader in the data value space, gets annoyed when people talk about data as the new oil. He says it’s not, it’s the new sun, because once you put it in place, it continues to deliver value and he’s right,” said Dunne.
“It doesn’t deplete, and that value can accrue to the organisation and it can be value for the customer. A lot of what we’re doing with analytics has resulted in new products which are good for us as a bank but are actually also superb for the customer. It’s hard to argue with that.”
Tom Hulton is An Post’s head of data privacy and chair of the Association of Data Protection Officers (ADPO) and is well placed to look at the way Irish companies are treating the issue of how best to make use of data.
“I think it’s extremely important to have someone in charge of data in any large organisation, but whether that person is a CDO or has some other title like data protection officer or whatever is less important. We use the term DPO because it’s the statutory term but regardless of the title, it’s a crucial role,” he said.
“It has to report to the most senior level of management. The law on this states in part that the data protection officer shall directly report to the highest management level of the controller of the process. So, it’s a legal requirement.”
It is clear that the General Data Protection Regulation (GDPR) regulations are intended to make sure that this role is taken seriously at a corporate level.
“Whether you call it a C-suite role or not, whether it’s a support function that reports into the chief executive or whatever, it certainly needs access to the chief executive and to the board, I would have thought,” said Hulton.
As to whether this is being done correctly in Ireland at the moment, that remains to be seen.
“Well, we have a situation that our Data Protection Commissioner found against the Department for Social Protection on the legality of making its public services card mandatory, so that’s not a great start to things,” he said.
“It’s good that the DPC looked into it, but it’s a bad start that something like that was referred in the first place. It’s only when there’s actually enforcement of data protection legislation that people start to take it seriously, it’s the usual story,” he said.
“The people who were good at this sort of stuff will be doing it anyway and the people who aren’t won’t care, so it needs enforcement to bring them into line. Unfortunately, some people have to be made an example of if they’re not compliant.”