 Live from Boston, Massachusetts, it's theCUBE. Covering IBM Chief Data Officer Summit, brought to you by IBM. Welcome back to theCUBE's coverage of the IBM Chief Data Officer Strategy Summit. I'm your host, Rebecca Knight, along with my co-host, Dave Vellante. We're joined by Sanjay Saxena. He is the Senior Vice President, Enterprise Data Governance at Northern Trust Corporation. Thanks so much for joining us Sanjay. Thank you, thank you for having me. So before the cameras were rolling, we were talking about how data governance is really now seen as a business imperative. Can you talk about what's driving that? Initially, when we started our data governance program, it was very much a regulatory program focused on regulations such as GDPR, anti-money laundering, et cetera. But now, as we have evolved, most of the program in my company is focused on business and business initiatives. And a lot of that is actually driven by our customers who want clean data. We are custodians of the data. We do asset servicing, asset management. And what the customers are expecting, as table stakes, is really clean data. So more and more I'm seeing it as a customer-driven initiative. Clean data, can you... So many, many businesses rely on data. Financial services, it's all about data and technology. But when you talk about clean data, you're talking about providing data at a certain threshold, at a certain level of expectation. You're used to data quality when it comes to cars and gadgets and things like that, but think about data. And having a certain threshold that you and your customer can agree on as is the right quality of data is really important. Well, and that's a lot of the sort of governance role. You know, it was sort of a back office role, but then it evolved and began to add value, particularly in the days where, I've been talking about data warehouse was king, you know, master data management and single version of the truth. Data quality became a way in which folks in your role could really add business value. How has that evolved in terms of the challenge of that with all the data explosion? You know, Hadoop and big data, it just increased the volumes of data by massive, massive amounts and then lines of business started to initiate projects. What did that do for data quality, the data quality challenge? So the data quality challenge has grown on two dimensions. One is the volume of data. You simply have more data to manage, more data to govern and provide an attestation or a certification to say, hey, it's clean data, it's good data. The other dimension is really around discoverability of that data. We have so much of data lying in data lakes and we have so much of metadata about the data that even governing that is becoming a challenge. So I think both those dimensions are important and are making the jobs of a CDO more complex. And do you feel maybe not specific to you but just as an industry that let's take financial services, is the industry keeping pace? Because for years, very few organizations, if any, have tamed the data. It's just a matter of keeping up. Is that changed or is it sort of still that treadmill? It's still evolving. It's still evolving from my perspective. Industries, again, started to manage the models that they had to deliver to the regulators as essential. But now more and more they're looking at customer data. They're saying, look, my email IDs have to be correct. My customer addresses have to be correct. It is really important to have an effective customer relationship. So more and more we are seeing front office driving data quality and data quality initiatives. But have we attained a state of perfection now? We are getting there in terms of more optimization, more emphasis, more money and financials being put on data quality, but still it is evolving as a... You talk a little bit about the importance of the customer relationship. And this conference is really all about sharing best practices, what you've learned along the way, even from mistakes. Can you share a little bit with our viewers about what you think are the pillars of a strong customer relationship, particularly with a financial services company? Right, so in the industry that we are in, we do a lot of wealth management. We have institutional customers. But let's take the example of wealth management. These are wealthy individuals who have assets all around the world. It's a high touch customer relationship kind of a game. So we need to not only understand them, we need to understand their other relationships, their accountants, who their doctors are, et cetera. So in that kind of a business, not only is it about high touch and really understanding what the customer needs are, and going more towards analytics and understanding what customers bond, but really having correct data about them, where do they live, who are their kids, et cetera. So it is really data and CRM, they actually come together in that kind of environment, and data plays a pivotal role when it comes to really effective CRM. Sanjay, last time we talked a little bit about GDPR, can you give us an update on where you're at? I mean, like it or not, it's coming. How does it affect your organization and where are you in being ready for the, I mean, GDPR has taken effect. People don't realize that, but the penalty is going to affect next May. So where are you guys at? So we are progressing well on our GDPR program, and we are, as we talked before this interview, we are treating GDPR as a foundation toward data governance program, and that's how I would like other companies to treat GDPR program as well, because a lot of what we are doing in GDPR, which is mapping out sensitive data across hundreds of applications, and creating that baseline for the whole company so that any time a regulator comes in and wants to know where a particular person's information is, we should be able to tell them in no uncertain terms. So we are using that to build a foundation for our data governance program. We are progressing well in terms of all aspects of the program. The other interesting aspect, which is really important to highlight, which I didn't last time, is that there is a huge amount of synergy between GDPR and information security, which is a much older discipline and data protection. So all companies have to protect the data anyway. Think about it. Now a regulation comes along and we are in a systematic fashion trying to figure out where all our sensitive data is and whether it is controlled, protected, et cetera. It is helping our data protection program as well. So all these things, they come together very nicely from a GDPR perspective. I wonder, you remember the federal rules of several procedure. That was a big deal back in 2006. And the courts, maybe weren't as advanced as understanding technology is, technology wasn't as advanced. What happened back then, and I wonder if we could compare it to what you think will happen or is happening with GDPRs, it was impossible to solve the problem. So people just said, all right, we're going to fix email archiving and plug a hole. And then it became a case where if a company could show that it had processes and procedures in place, they were covered. And that gave them defense and litigation. Do you expect the same will happen here or is the bar much, much higher with GDPR? I believe the bar is much, much higher because when you look at the different provisions of the regulation, right, customer consent is a big, big deal, right? No longer can you use customer data for purposes other than what the customer has given you the consent for. Nor can you collect additional data, right? Historically, companies have gone out and collected your not just your basic information but may have collected other things that are relevant to them but not relevant to you or the relationship that you have with them. So it is, the laws are becoming or the regulations are becoming more restrictive and really it's not just a matter of checking a box. It is really actually being able to prove that you have your data under control. Yeah, so my follow-up there is can you use technology to prove that? You can't manually figure through this stuff. Are things like machine learning and so-called AI coming into play to help with that problem? Yes, absolutely. So one aspect that we didn't talk about is that GDPR covers not just structured data but it comes unstructured data, which is huge and it's growing by tons. So there are tools available in the marketplace including IBM's tools which help you map the data or what we call as the lineage for the data. There are other tools that help you develop a metadata repository to say, hey, if it is data birth, where does it reside in the repository, in all the repositories in fact. So there are tools around metadata management, there are tools around lineage, there are tools around unstructured data discovery which is an add-on to the conventional tools and software that we have. So all those are things that you have in your repository that you can use to effectively implement GDPR. So my next follow-up on that is does that lead to a situation where somebody in a governance role can actually, going back to the data quality conversation can actually demonstrate incremental value add to the business as a result of becoming expert at using that tooling? Absolutely, so as I mentioned earlier on in the conversation, you need governed data not just for your customers, for your regulators but for your analytics, right? Now analytics is yet another dimension of it. So you take all this information that now you're collecting for GDPR, right? And it's the same information that somebody would need to effectively do a marketing campaign or effectively do insights on the customer, right? Assuming you have the consent of course, right? We talked about that, right? So you can mine the same information. Now you have that information tagged, it's all nicely calibrated in repositories, et cetera. Now you can use that for your analytics, you can use that for your top line growth or even see what your internal processes are that can make you more effective from an operations perspective and how you can get there. So you're talking about these new foundations of your data governance strategy and yet we're also talking about this at a time where there's a real shortage of people who are data experts and analytics experts. What is Northern Trust doing right now to make sure that you have enough talent to fill the pipeline? So we are doing multiple things. Like most companies, we are trying a lot of different things. It's hard to recruit in these areas, especially in the data science area where analytics and people not only need to have a certain broad understanding of your business but they also need to have deep understanding of all of the statistical techniques, et cetera. So that combination is very hard to find. So what we do is typically we get interns from universities who have the technology knowledge and we couple them up with business experts and we work in those collaborative kind of teams. Think about agile teams that are working with business experts and technology experts together. So that's one way to solve for that problem. Great, well Sanjay, thank you so much for joining us here on theCUBE. Thank you, thank you again. We will have more from the IBM CDO Summit just after this.