cdpse-d3-data-purpose-data-analytics

Data Analytics Governance

isaca-cdpse · framework · Gold standard

Drawn fromCDPSE Review Manual · ISACA peer-reviewed case sets·Reviewed May 5, 2026

How this was built ▾

Every cubelet runs through five agent passes before publishing. Each stage's output is recorded so we can trace how a claim got here.

01 · RESEARCHSource synthesisClaude Haiku
02 · WRITERSix-face draftingClaude Sonnet
03 · EDITORCoherence + clarity passClaude Sonnet
04 · QAQuality gate scoringClaude Opus
05 · PUBLISHERCatalog + graph commitClaude Haiku

This runcourse-factory-pipeline-v1

1

Face 1 of 6 · WHAT

What is Data Analytics Governance

Data analytics governance, within the ISACA CDPSE Data Lifecycle framework, is the discipline of governing what analytical operations can be performed on personal data — by whom, for what declared purposes, and with what privacy controls in place. It is not about statistical methods or data science techniques; it is about the compliance and governance boundaries that determine whether a given analytics activity is lawful, purpose-consistent, and privacy-respecting. Analytics, in this context, means any process that derives insights, patterns, predictions, or decisions from personal data — from simple aggregation and reporting through machine learning and automated decision-making.

Where it stops · what it isn't

—IS: Governing analytics activities — determining permissibility, scope, and required controls for analytics on personal data
—IS: Constraining analytics operations to the original stated data purpose and applicable legal basis
—IS: Implementing privacy-by-design controls (anonymization, pseudonymization, aggregation thresholds, access controls) before analytics execute
—IS: Managing data subject rights (access, deletion, portability, automated-decision contestation) where they intersect with analytics workflows
—IS NOT: Teaching statistical methods, machine learning algorithms, or data science tooling
—IS NOT: A general business intelligence or data quality framework divorced from privacy obligations
—IS NOT: Synonymous with data governance broadly — it is specifically the privacy-focused governance of analytics activities within an established data lifecycle
—Common misconception: Anonymized data is NOT automatically exempt from privacy obligations — re-identification risk and evolving regulatory interpretation increasingly apply privacy requirements to pseudonymous and analytically derived outputs

Connected concepts in the graph

Every cubelet sits in a knowledge graph. Here's what this one connects to.

PART OF

Data Lifecycle (CDPSE Domain 3: Data Lifecycle Management)Data Purpose (CDPSE Knowledge Area: Purpose Limitation and Data Use)

REQUIRES

Data Minimization (GDPR Article 5(1)(c); CDPSE prerequisite competency)Data Classification and Inventory (prerequisite: knowing what data exists and its sensitivity level)

ENABLES

Privacy Impact Assessment / DPIA (analytics governance feeds into formal risk assessments)Data Subject Rights Management (analytics systems must support SAR, erasure, and portability)

RELATED TO

Data Security Controls (parallel control layer over the same data assets)Data Retention and Disposal (co-governance of data across the full lifecycle)

CONSTRAINS

AI and Automated Decision-Making Systems (analytics governance sets boundaries for model training and deployment)

Practice this judgment ↗

Adaptive, ~8 min

Sit in the practitioner's chair ↗

Live simulator

06 · APPLYSign up to enter the judgment simulator →

Watch your judgment grow on this concept

Create a free account to unlock all 6 faces, the judgment simulator, and a mastery score that updates with every attempt.