Compliance & Data Governance

Compliance & Data Governance Glossary

This advanced workshop focuses on creating a Compliance & Data Governance Glossary that addresses regulatory requirements, data privacy, and security considerations. You'll learn how to identify sensitive data, apply compliance tags, and build a Glossary that supports regulatory audits and data protection initiatives.

By the end of this workshop, you will:

Identify and classify sensitive data elements
Apply regulatory compliance markers (GDPR, PCI-DSS, CCPA)
Design glossaries that support privacy-by-design
Implement data classification frameworks
Create audit-ready documentation

Business Glossary | Pentahodocs.pentaho.com

Understanding Regulatory Landscape

Each regulation has different requirements, penalties, and scope. GDPR can fine up to 4% of global revenue. PCI-DSS non-compliance can result in losing credit card processing abilities. We must understand what each regulation demands before we can build a compliant glossary. Think of regulations as business requirements that happen to be legally mandated.

GDPR: Broadest scope, strictest penalties, applies globally if you have EU customers
PCI-DSS: Required for any credit card processing
CCPA: Growing trend, other states following California's lead
SOX: Public company requirement, affects financial data
HIPAA excluded: Adventure Works doesn't handle health data

Regulation

Scope

Key Requirements

Data Impact

GDPR

EU citizens' data

Consent, right to erasure, data portability

Names, emails, addresses, phone, National Identity, etc

LGPD

Brazilian citizens' data

Similar to Europe's GDPR

Covers a broad range of PII data

PCI-DSS

Payment card data

Encryption, access control, monitoring

Credit card numbers

CCPA

California residents

Disclosure, opt-out, deletion rights

Personal information

SOX

Financial reporting

Accuracy, audit trails, internal controls

Financial records

Review the following tables:

We can't protect what we don't know about. This systematic scan identifies all potentially sensitive data. We're looking for anything that could identify a person, reveal financial information, or be used for identity theft. This is like taking an inventory before implementing security measures:

Person.Person (names, demographics)
Person.EmailAddress (contact info)
Person.PersonPhone (phone numbers)
Person.Address (physical locations)
Sales.CreditCard (payment data)
HumanResources.Employee (SSN, birth dates)

Ask the following questions to help define a Risk Assessment Matrix:

Critical Questions:

What Terms do you have difficulty with?
What data could identify an individual?
What data requires encryption?
What data has retention limits?
What data needs access controls?

Test Glossary

Establishing a hierarchical structure by categorizing business terms into domains and specific categories simplifies data navigation and management. This organized structure boosts efficient data discovery and strengthens governance through role-based access controls. In the realm of data management, business terms are crucial in a data catalog, guaranteeing seamless identification, access, and utilization of data in line with organizational goals and compliance mandates.

Let's create a Test Glossary ..

Log into PDC:

https://pdc.pentah.labpdc.pentah.lab

Username: [email protected] (mapped to Business Steward role)

Password: Welcome123!

Navigate to: Glossary

Glossary

Under Actions select 'Add New Glossary'.

Enter 'Test Glossary' and click 'Create'.

Click on Edit: Enter a Definition & Purpose by clicking on the Edit option.

Click 'Save Changes'.

Panel

Enter a bunch of default values so we get an idea of what's in the API call ..

The following panels enable to track and audit any changes to the Glossary.

Properties

The Properties panel define required metadata properties that track and audit any changes to the Glossary.

Property

Value(s)

Description

Sensitivity

HIGH

Classification system that categorizes data assets based on the potential impact if that data were to be compromised, accessed inappropriately, or disclosed without authorization

Domain

Technology

List of Domains

Custodian

David Park

The user responsible for managing the glossary.

Business Steward

David Park

The user responsible for any modifications to the asset.

Critical Data Element

False

This property is usually applied to columns. These columns should be critical pieces of information that are necessary for decision making and so need to be governed with the highest care.

Status

Draft

Accepted, Draft, Review, Deprecated

Created by

The logged in user

The user who created the glossary item.

Updated by

The logged in user

The user who updated the glossary item.

Last Updated

Timestamp

A timestamp indicating when the glossary item was last updated.

Glossary

Creating a Glossary is pretty straightforward in Data Catalog .. and that's useful if you're testing out Hierarchies, Categories and Terms to ensure they follow convention.

However, there will be a time when you'll need to do a bulk load to get up and running and that's where the fun begins. In this section we're going to take a deeper look inside the JSON Object.

There's a couple of key features to bear in mind when your creating a Glossary:

Data Catalog uses JSONL - JSON Lines is a convenient format for storing structured data that may be processed one record at a time. The values are not stored in an array, but as: One JSON Object per line.
Each field needs specific fields, in the correct order, for a successful import:

Required Fields

_id: Unique identifier (e.g., "customer-name-001")

type: Always "term" for term definitions

name: Human-readable term name

fqdn: Full hierarchical path

attributes: Container for all term-specific data

Relationship Fields

rootId: ID of the root governance entity

parentId: ID of the parent category/container

resourceId: External resource reference (often empty)

Audit Fields

createdAt/updatedAt: ISO 8601 timestamps

createdBy/updatedBy: UUID of the user

The 'attributes object' is a complex nested JSON Object that populates the Properties panel.

Attributes Structure

features.sensitivity: Data classification level

formula: Validation rules/patterns (Lexical format)

info.custodian: Data custodian UUID

info.businessSteward: Business owner UUID

info.purpose: Business purpose (Lexical format)

info.definition: Term definition (Lexical format)

info.abbreviation: Short code for the term

info.status: Lifecycle state

You cannot apply incremental updates. The timestamp means that the whole Glossary has to uploaded.

Upload the following

PreviousGlossaries & Terms NextSales Business

Last updated 7 days ago

Was this helpful?

Compliance & Data Governance

Compliance & Data Governance Glossary

Understanding Regulatory Landscape

Test Glossary

Glossary

Panel

Properties

Category

Term

Custom Properties

Custom Properties

Glossary