Data Governance in the Pharmaceutical Industry: the External Data Governance Board (EDGB) proposal



Join Our Newsletter

Subscribe to the Datasphere Pulse for updates on data governance news and activities.

Gabriel Araújo Souto, Fellow, Datasphere Initiative


Data drive innovation across the private sector and help companies become more efficient, closing supply and demand gaps in technology, infrastructure, and labor skills. Through data governance boards, companies can resolve disputes, such as disagreements between different business units over data definitions and formats. However, data governance boards still are not widely implemented – and those implemented are not diverse when it comes to stakeholders on the board. As part of my Fellowship at the Datasphere Initiative, I will study the data governance board model, an important aspect of responsibly unlocking the value of data for all. Focusing on data governance in the pharmaceutical industry as an example, in this blog I explore why external data governance boards are necessary and when constructed and deployed effectively can lead to more responsible and impactful data governance practices.

Data governance is a significant part of corporate governance best practices as people are demanding a greater sense of transparency and are more cognizant of how companies use their data. On the other hand, data is fundamental for business improvements. According to Harvard Business Review Analytics Services, 67% of executives interviewed say data governance is essential to achieving high-quality enterprise data.¹

This is particularly important when comparing the results of an Adobe and Econsultancy survey in which out of 179 respondents in the healthcare and pharmaceuticals sector, 75% of them report that they are “Highly effective” (20%) or “Effective” (55%) at “Communicating to customers how their data is collected and used”. However, 25% still say they are “Ineffective” (21%) or “Highly ineffective” (4%) at communicating with customers about their data.²

Therefore, there is a pressing need for data governance boards, which are groups of people who work together to develop an organization’s policies and practices in order to treat its data as a strategic asset. It also resolves disputes, such as disagreements between different business units over data definitions and formats. Generally, a data governance board is led by the Chief Data Officer (CDO).

If an organization doesn’t have a CDO, another C-suite executive will usually serve as the senior executive who oversees a data governance program and has high-level responsibility for its success or failure. Other core members of a data governance board are the data governance manager and team, as well as the data stewards. Also, it may include delegates from core function teams of marketing, sales, finance, and human resources; all teams that depend on accurate data to perform their jobs effectively.

Benchmarking across sectors

It’s important to highlight that data governance boards already exist in the public sector and academia. For example, in the United States, the Foundations for Evidence-Based Policymaking Act of 2018 (Evidence Act) requires all U.S. agencies to create a data governance body led by their CDO. Moreover, the University of North Carolina School of Medicine created a data governance board to promote and support the effective use of academic data at the School of Medicine. 

In a more generic approach, Aden University and the University of Nevada, Las Vegas created a data governance board that recommends and oversees their data governance program across their institutions. This includes a robust set of policies, practices, and data definitions to ensure appropriate use by their institutions. 

Additionally, the Government of Ireland created the Open Data Strategy, which is focused on making data held by public bodies available and easily accessible online for reuse and redistribution. The Open Data Governance Board was established in 2016 to work in the public interest. It leads the Open Data Initiative and oversees the implementation of the Government’s Open Data Strategy. The Board is made up of 10 to 12 representatives from academia, the public service, business, media and civil society, and it’s an example of how an External Data Governance Board (EDGB) works with a focus on the public sector. 

Recently, Sanofi, a leading pharmaceutical and healthcare company, launched a Diversity, Equity and Inclusion (DE&I) board with outside advisors, the first of its kind in the pharmaceutical industry. The new additions will serve three-year appointments on the board and are related to organizational psychology, social entrepreneurship, and DE&I pioneering.³

EDGB for the pharmaceutical industry

In the pharmaceutical industry, the use of data can lead to backlash from patients and consumers directly and indirectly affected by a data governance program. Especially for pharmaceutical companies in their pharmacological studies and business analytics, they might end up using inconsistent versions of the same reference data, create duplicate studies in different systems, and waste time harmonizing, mapping, and stitching this data together.⁴

Various procedures in CDM including Case Report Form (CRF) designing, database designing, data-entry, data validation, medical coding, data extraction, and database locking are assessed for quality at regular intervals during a trial.⁵ Moreover, pharmacovigilance – a branch of pharmacology encompassing all scientific and data-gathering activities relating to the detection, assessment, understanding and prevention of adverse events –⁶ is adopted to mitigate the risks of flawed medicines and devices through the use of data governance. However, despite these methodologies, due to recent high-profile drug safety problems, the pharmaceutical industry is faced with greater regulatory enforcement and increased accountability demands for the protection and welfare of patients.⁷

According to the Organisation for Economic Co-operation and Development (OECD) study “Health Data Governance: Privacy, Monitoring and Research”, only with strong health data governance frameworks can governments safely enable data use to improve healthcare quality and performance.⁸ Furthermore, the study presented a data governance framework with mechanisms and best practices to protect health data privacy at all stages of data development and use is the best way forward to create an environment within which the benefits of safe data use can be realized.⁹

Therefore, an EDGB in pharmaceutical enterprises, with representatives from government, academia, private sector, and civil society could help to mitigate future misuses, public relations damages and lawsuits while prioritizing data ethics. Such an  EDGB could provide technical advice and sector perspectives on how a pharmaceutical data governance policy should be established and will be consulted periodically when an ongoing data governance program may impact one or more of these stakeholders.

Key considerations for an EDGB in the pharmaceutical industry

The findings of the OECD study, when associated with the potential of an EDGB in pharmaceutical enterprises, lead to the following needs (i) project approval processes need to be fair and transparent and decision-making is supported by an independent, multidisciplinary project review body, and (ii) governance mechanisms need to be periodically reviewed at an international level to maximize societal benefits and minimize societal risks as new data sources and new technologies are introduced.

Thus, an EDBG has to be (i) independent and multidisciplinary, which can be modeled into a multistakeholder model, and (ii) focus on societal benefits and mitigate societal risks when creating and managing a data governance program and its policies.

For the first criterion, stakeholders of the EDGB include not just Health Information Manager (HIM) or Electronic Health Record (HER) specialists, but also every field staff including physicians, nurses, paramedics, financial personnel analysts with expertise in data governance policy and members of civil society, which can include direct consumers or pharmaceutical consumer associations. Every member of the EDGB must be provided with a set of responsibilities, be an active participant in all meetings and interactions and advise the pharmaceutical company in compliance with data protection regulations where they have operations.

Finally, for the second criterion, the EDGB must operate an information and data gap analysis plan. Together, they must identify the company’s challenges in data entry, storage, analysis and challenges that may affect patient and consumer privacy safety, as well as regulatory compliance. This will significantly eliminate occurrences of harmful outcomes in healthcare operations and lawsuits. Through this analysis, the EDGB must create internal policies and guidelines, with an intent to focus on data protection, accountability, and overall healthcare value creation.

The next step in my EDGB research as a Datasphere Initiative fellow is to create a model for EDGB implementation in Brazilian tech companies considering the Brazilian Data Protection Regulation (LGPD). After receiving sectorial input, I will propose a detailed outline of how an External Data Governance Board should be created and managed, as well as the limits and scope of its performance.

¹ Profisee. (2021). 2021 Harvard Business Review Analytic Services Pulse Survey. Harvard Business Review Analytic Services Publishing.

² Econsultancy & Adobe. (2021). 2021 Digital Trends Healthcare & Pharma in Focus. Healthcare Trends Report.

³ Dunleavy, K. (Apr. 4, 2022). Sanofi launches DE&I board with outside advisors, the first of its kind in pharma. Fierce Pharma.

⁴ Ataccama. (Apr. 4, 2022). 4 Data Management Disciplines that Help Pharma Make the Most of Clinical Trial Data. Ataccama Blog.

⁵ Krishnankutty et. al., supra note 5. 

⁶ Lu, Z. (2009). Information technology in pharmacovigilance: Benefits, challenges, and future directions from industry perspectives. Drug, healthcare and patient safety1, 36.

Id., at 35.

⁸ OECD. (Oct. 5, 2015). Health Data Governance: Privacy, Monitoring and Research – Policy Brief. OECD Health Policy Studies.


Join Our Newsletter

Subscribe to the Datasphere Pulse for updates on data governance news and activities.

The Datasphere Initiative is a global network of stakeholders fostering a holistic and innovative approach to data governance to build agile frameworks to responsibly unlock the value of data for all.

@2024. Datasphere Initiative. All rights reserved
Privacy Policy