When data governance becomes part of the product

The company designs and operates communications and control systems for critical infrastructure clients. Over time, projects grew more data-heavy: telemetry feeds, data platforms, AI components, and reporting layers were added around the core systems.

With that came recurring questions: Who owns which data? How is lineage tracked? What happens to sensitive telemetry or customer information? Privacy, retention and access controls were no longer side issues—they were at the centre of due diligence, RFPs and audits.

Up to this point, the firm had improvised governance on each engagement. Policies, glossaries and controls were reinvented project by project. It worked when there were a few clients. It did not scale when multiple critical infrastructure operators—and their regulators—started asking for evidence of standards, not just promises.

Leadership recognised that data governance had effectively become part of the product. To treat it that way, they needed dedicated ownership: a senior Data Governance Lead and a privacy specialist who understood both regulatory expectations and engineering realities.

Calimala was asked to help define these roles, map how they would work across the portfolio, and find the leaders who could make governance a reusable asset, not an afterthought.

From ad-hoc controls to a central governance function

Working with technical leadership and project managers, Calimala helped the firm move from “governance by project” to a central function with clear authority.

The first step was a role with a broad remit: a Data Governance Lead empowered to work across projects and accounts, rather than being tied to a single client. This role would define and maintain common standards—data policies, glossaries, quality rules, lineage practices—and ensure they were applied consistently to live systems.

Alongside it, Calimala helped define a Data Privacy Specialist focused on privacy-by-design: policies and DPIAs, consent and retention patterns, and close collaboration with legal teams and client risk officers.

We clarified how these roles would interact with solution architects and project managers so they were seen as enablers, not blockers:

• Governance and privacy leaders set standards, patterns and guardrails.

• Architects and engineers apply them in platform and application designs.

• Project managers coordinate client commitments, audits and documentation.

We also agreed on a pragmatic working model: on-site presence for key clients and critical reviews, combined with remote work for standards development, documentation and internal enablement.

Finding governance leaders who understand engineering

With the structure defined, the challenge was talent: governance and privacy profiles that understood complex technical environments—not just back-office systems and policy documents.

Calimala sourced candidates with real experience across data governance, metadata, quality and privacy in environments where uptime, security and regulatory pressure are all high. Shortlisted candidates showed:

• Practical experience creating data policies, glossaries and quality rules for live systems, not just theoretical frameworks.

• Familiarity with common tooling such as data catalogues, lineage and data quality platforms.

• Ability to work with engineers, project managers and client stakeholders in a way that protects compliance without blocking delivery.

• Structured profiles that highlighted governance achievements, regulatory exposure and communication style—technical, business-facing, or both.

Clients received clear evaluation packs that made it easy to see who could own the governance framework, who could lead privacy conversations with clients and regulators, and how they would plug into existing project teams.

What changed for the client

Once governance leadership was in place, the firm could respond to client audits and due diligence requests with confidence. Instead of rebuilding controls and documentation for every engagement, they reused a single governance framework across data and AI projects, adapting it where necessary but keeping the core consistent.

Observed outcomes included:

• A single governance framework applied across multiple data and AI projects.

• Faster responses to client security and due-diligence questionnaires, backed by documented standards.

• Reduced risk of inconsistent handling of sensitive data across engagements and teams.

• Stronger positioning when pitching for larger, more regulated contracts, where governance and privacy are key decision factors.

By treating governance as part of the product and hiring leaders who understand both regulation and engineering, Calimala helped the company turn a recurring weakness into a strategic advantage.