Data Governance at Trendyol

Hello My name is Zeliha Nur Kiriş. I am working as a Data Product Owner at Data Management Tribe. The goal of this article is to explain how we applied the data governance process at Trendyol. For any organization that creates, manages, or uses data, data governance is a critical foundation. The way to manage data must be consistent with the organization’s data definition, data quality definition, and data governance framework. Inconsistent data can cause significant problems for the organization, including increased operational costs, decreased customer satisfaction, and risk of regulatory compliance issues.

With the change in regulations, we understand the importance of data governance more and more every day. We disseminate each step of data governance within the company and revise applications according to these changes. Nowadays, the field of data security has become even more important because we are talking about which platform to collect data and where to write it, the use of personal data and big data regulations.

What is Data Governance?

Data governance is the practice of identifying important data across an organization, ensuring it is of high quality, and improving its value to the business.

As you see above, there are a lot of components in the DG processes. We will focus on authorization in the part of security. As a result of the developing world and growing data, it has become difficult for people to reach the data they want. There is a wide variety of data sources, the operational work has increased to get this data. It takes time to clean the data and make the data meaningful. In order to draw meaningful conclusions from the data, detailed analysis should be made by establishing a relationship with many tables. Not everyone can access all data. Therefore it becomes difficult to generate knowledge from data.

Our big concern here is to ensure that the right person reaches the right data at the right time. In this way, we can also manage who can see sensitive data.

Data governance processes in Trendyol started with data catalog, data quality and continued with the change of Authorization structure. As data sources and types increased, management became more difficult. In order to manage this process correctly, we included the data owners.

All authorizations in the system were done by technology teams. With the growth of data and the separation of domains, the number of requests increased. The reason for the decision to change the process is that those who own the data will have control over who can access the data and the quality of the data.

In order to create the new process, process diagrams were created considering the data owner, technology, table and domain details. The main concerns here were as follows.

• If a table has more than one data tag, how should it proceed?
• If the user requests permission to more than one table, how should it proceed?
• In which cases should the system be automated?
• Should requests to data owners go in series or in parallel?
• Should we include the level of priority?

Within the scope of authorization, tags are assigned to each table according to its content. The user opens an authorization request for the tables he/she wants to access. Mails determined as whitelist are checked. If the user has previously authorized the data tags containing the tables, new tables are automatically authorized. If not, the process continues. The relevant data owner is determined. The request is sent to the data owner via ITSM (ticket system). If appropriate, authorization is given and the relevant data tag is recorded in the system. If it is rejected, the request is closed and the user is informed.

After the process was determined, technical infrastructure developments were completed in the test environment. Table name, data owner, ticket requester are now able to communicate with each other. The cases to be tested were determined. These were tried in the test environment and the process was rearranged according to the feedback.

These studies were carried out for a domain (domain means business group like sales, finance etc.) and the new process went live. This work was shown as a case study for other domains, and its dissemination was faster for the company. As new domains carried out this work, new needs emerged and the system was revised accordingly. We wanted approval every time according to data tags, we automatized this process, the user requested approval for the same tag before, and automatic authorization is defined for the table.

The project steps are as follows:

• Authorization process defined
• Within the scope of authorization, domains to be included in the project were determined
• Data owners were determined
• Tools & technologies to be included in the project were determined
• The project completed with one domain
• Improvements have been made in related technologies
• The people involved in the project were informed
• System went live
• The system was revised according to the needs
• In order to be sustainable, maintenance and training continue at certain periods.
• Finally, data governance KPIs were determined and the project was followed.

Why are data owners important for a company?

A data owner is responsible for the categorization, protection, usage, and quality of one or more data sets. They know every data property so we included them in the processes. Data ownership enables resources to enact business standards, guidelines, and processes to make and implement important decisions regarding data. A business data owner is typically at the senior executive levels that are accountable for the data assets of a particular data domain (Client, Product, Transaction, Claims, Policy, and Financial etc.) and Segment (Insurance, Reinsurance and A&H).Thanks to data ownership, they will make decisions about their own data. In the future, they will also manage the data quality.

How does this project affect the authorization process?

Analyzed a two-month period and with data owners including the system, 60 table requests were sent to 13 different data owners. Every table owner decided to approve or decline permission. When other domains go live, we will be able to analyze all the effects of this project. We examined which data owners take how many requests? What is the requested answer duration? How many requests are accepted or rejected? With these questions answered, we will arrange new rules and training sessions.

In our dashboard, there is 2 monthly summary. For the Session tag, we took 16 tickets. 12 of these tickets were accepted and 4 of these tickets were rejected. Their average duration is 141 hours and 297 hours respectively.

After these processes were completed, we developed policies for the correct use of the processes. These policies specifically emphasize privacy, security, access, and quality. Our most important goal here is to protect and secure high-quality data on Trendyol. Governance policies form the basis of our broader governance strategy and enable us to clearly define how governance is carried out.

What are the facing difficulties in the project?

At the beginning of the project, the tables were matched with the related data owner. We had a hard time determining the contents of the tables and choosing the relevant data owners. As a result of a detailed examination, we matched the appropriate data owners.

We had difficulties in raising awareness of this process in data owners. Dwh and the security team organized meetings and training sessions for each data owner.

It was difficult not to have a separate data governance team to carry out the process. We carried out all of these works as the DWH team. We worked with legal, security, technology and analytics teams and completed it successfully.

What are the next steps?

Phase 1, our project is live. For phase 2, we created a dashboard for the following project KPIs and we want to show data owner information to the data catalog. In the last phase, we will integrate this process at the dashboard tool and add new quality standards.

Join us to develop millions of coupons and high throughput applications. We have a lot of challenges.