DCC · DATA COMPLIANCE CHINA China data law, for overseas counsel.
§ 006 · DATA-GOVERNANCE

Data Governance vs. Data Management vs. Data Compliance — A Plain-Language Disambiguation

Wang Qinglan disambiguates three terms that compliance and data teams habitually conflate: data governance, data management, and data compliance. Using a 'data manor' metaphor (the family council vs. the steward team vs. the community monitor), she maps each function to its job — setting direction, executing efficiently, and operating sustainably within external rules and self-imposed commitments. The piece is useful precisely where bilingual confusion is highest: 'data governance' in English carries different connotations than 数据治理 in Chinese practice.

Editor’s Note — DCC.

Three terms that English-Chinese bilingual practitioners constantly mix up: data governance (数据治理), data management (数据管理), and data compliance (数据合规). The confusion isn’t merely linguistic — in Chinese practice the boundaries are drawn slightly differently than in DAMA-style English frameworks. Wang Qinglan’s plain-language primer uses a “data manor” metaphor that holds up well across the bilingual gap. DCC’s framing here highlights where the Chinese and Western conceptual boundaries diverge.

The 数据资产 (“data asset”) vocabulary in Chinese practice often runs ahead of the operational clarity around how data work is actually organized inside an enterprise. Wang’s piece names the three roles and the relationships between them — not as a theoretical exercise but as the architectural foundation an enterprise needs before it can claim to “do” any of them.

The data manor — three roles

Imagine the enterprise’s data assets as a manor estate. Three roles run it:

  • Data governance — the family council. Sets rules, doesn’t execute.
  • Data management — the steward team. Executes the rules, runs the estate day-to-day.
  • Data compliance — the community monitor. Holds the estate accountable to external rules and to the commitments the estate has made publicly.

Each role answers a different question. Mixing them creates organizational confusion.

Role 1 — Data governance (数据治理): “doing the right things”

The family council. Sets the rules; doesn’t carry out the work. Its job is the direction-setting layer of data work.

The council answers questions like:

  • Who owns which data? — assigning data ownership.
  • Who can see / change which data? — permission allocation.
  • What quality and security standards must the data meet? — policy definition.
  • When two departments dispute which data flow takes priority — who decides? — escalation mechanism.

Crucially, the council doesn’t decide how data is moved or stored. It decides what the rules are. The rules are typically organized in two layers: business rules (which data the manor needs to prioritize, e.g., which customer segments deserve first-pass attention) and management rules (who is responsible for which data activity, e.g., which team owns customer-data integrity).

Wang’s framing: governance is “the management of management.” The output is the rulebook — the policies that every steward team must follow when actually executing data work. Without a coherent rulebook, the steward team improvises and the compliance monitor has nothing to verify against.

Role 2 — Data management (数据管理): “doing things right”

The steward team. Takes the council’s rules and executes them. The operational layer.

The steward team’s day-to-day work covers the full data lifecycle:

  • Discovery and inventory — what data does the manor hold, where is it stored, what’s in the vault?
  • Storage and architecture — how is the data organized so it can be found again?
  • Access control — who is permitted to use which data?
  • Quality and cleaning — keeping the data accurate, deduplicated, current.
  • Security — protecting the data from unauthorized access, leakage, modification.

The team is organized by specialism. Wang sketches the typical roster:

  • Chief Data Officer (CDO) — the head steward, bridging governance and management.
  • Data Architect — the building planner, designing the storage and flow topology.
  • Data Security Specialist — the guard, securing the perimeter.
  • Data Quality Engineer — the gardener, keeping the data tidy.
  • Metadata Manager — the archivist, cataloguing what exists.
  • Master Data Manager — the warehouse-keeper, ensuring authoritative reference data.

Their collective job: keep the manor running, and ensure that as data passes through the lifecycle — from collection, through processing, to eventual archival or destruction — quality and security are maintained.

The core posture: execution-focused, not direction-setting. “Doing the right thing well” — where the right thing has been defined by governance.

Role 3 — Data compliance (数据合规): “operating sustainably”

The community monitor. Holds the manor accountable to two sources of rules: external requirements (laws, regulations, standards) and self-imposed commitments (the manor’s public promises).

Wang divides compliance rules into three tiers, with sharply different operational implications:

Tier 1 — Binding rules (mandatory legal obligations)

The community’s binding rules. Things like “trash must be sorted before disposal” (data classification regulation), “no demolishing load-bearing walls during renovation” (mandatory data-security standards), “no leaking visitor information” (personal information protection). The manor’s family council cannot override these — they constrain governance itself.

Violation consequences range from fines and neighbor disputes (administrative penalties) to litigation and imprisonment (criminal penalties under, e.g., Criminal Law Article 253-1 for PI infringement).

Tier 2 — Bonus rules (voluntary ethical obligations)

Self-imposed standards above the legal floor. The community requires “no probing visitor information without need” (minimum-necessary PI collection); the manor goes further: “quarterly audit of supply chain to ensure proper visitor information handling.”

These aren’t legally mandatory, but they earn reputation. They reflect the manor’s strategic positioning — the choice to operate at a higher ethical bar than competitors. Wang’s framing: these are reputation investments, not compliance requirements.

Tier 3 — Commitment rules (promised obligations)

The manor’s publicly made promises. “Lost item recovery guaranteed within 24 hours.” These aren’t legal requirements but breaking them damages the brand and exposes the manor to civil liability (contract claims, consumer-protection claims, false-advertising claims) even though no statute is violated.

How the tiers stack

The council sets internal rules with all three tiers in mind: the community floor (Tier 1) is the immovable foundation; Tiers 2 and 3 are positioning choices. The steward team must operate within all three. Compliance — the monitor — verifies the manor’s behavior against all three.

Wang’s metaphor: compliance is a dynamic guardrail — keeping the manor from straying across any of the three lines while leaving room for the manor to chase its own ambition.

Putting the three together

A clean summary, in Wang’s framing:

Role        | Function                                       | Question answered
Governance  | Set direction, define rules                    | Are we doing the right things?
Management  | Execute the rules efficiently                  | Are we doing things right?
Compliance  | Operate within external + self-imposed rules   | Are we operating sustainably?

The three are not parallel — they form a stack. Governance defines the rulebook. Management executes the rulebook. Compliance verifies the execution against external standards and self-imposed commitments. Confuse the roles and you get the common pathology: the compliance team writing rules (governance), the data team improvising without guidance (no governance), or the governance team auditing operational details (overstepping into management).

Where Chinese and Western framings diverge

Wang doesn’t push the bilingual comparison, but it’s the most useful payoff for overseas readers.

In DAMA’s English-language framework (DMBOK 2), data governance is one of eleven knowledge areas of data management. Governance is a subset of management. Operationally, governance is the central coordination layer within data management — the function that sets policies for the other ten knowledge areas (architecture, modeling, storage, security, integration, etc.) to follow.

In Chinese enterprise practice, governance and management are often treated as parallel functions, with compliance as a third parallel. The relationship gets ambiguous: is governance a subset of management (DAMA), or a peer to management (Chinese usage)? Both framings are defensible — they answer different questions. Wang’s metaphor sidesteps this by giving each function a distinct role identity.

The practical implication for multinationals: when a global compliance memo refers to “data governance,” a Chinese counterpart may understand it as a peer-function rule-setting body. When a Chinese operations document refers to 数据治理, a Western team may read it as a subordinate function within a broader management framework. Both teams nodding at “data governance” may mean different things.

The cleanest disambiguation, in DCC’s reading: anchor to the question being answered.

  • Direction-setting question → governance.
  • Execution-efficiency question → management.
  • External-rules + self-commitments question → compliance.

Where the question is unclear, name the function instead.

Why this matters for compliance architecture

Three takeaways:

  • The three functions need three different organizational positions. Governance reports up to executive leadership (the family council). Management reports through operations / IT / data-platform leadership. Compliance reports through legal / risk / audit. Collapsing them into one team produces structural conflict — the governance function shouldn’t be auditing itself.
  • Compliance is not “follow the rules” — it’s “follow which rules.” Wang’s three-tier model (mandatory legal / voluntary ethical / public commitment) is the operational asset compliance practitioners should internalize. Treating Tier 2 and Tier 3 with Tier 1 rigor over-burdens; treating Tier 1 with Tier 2 flexibility creates legal exposure.
  • Chinese-language internal documents and English-language global policies are easier to align when each piece names its function explicitly. Don’t translate “governance” generically — translate it as the specific function being referenced.

The Wang piece is short — three pages in the original — but it makes a distinction that matters more than its length suggests. For compliance teams building bilingual frameworks, it’s a useful conceptual anchor.


— Wang Qinglan (王青兰), 3分钟读懂数据治理、数据管理与数据合规 (Three Minutes to Understand Data Governance, Data Management, and Data Compliance), 青兰数据观察 WeChat Official Account, August 25, 2025. Original article (Chinese).

Not legal advice. The above is DCC’s structured summary of Wang’s commentary; not a verbatim translation. The author’s views are her own and do not represent her employer.
