Get In Touch
Article

How to create effective data governance frameworks

Alina Grubnyak ZiQkhI7417A Unsplash
March 30, 2026

Paris Bielby, Data Director at CAVU, and Jamal Karim, Lead Data Engineer at CAVU, share how airports can build data governance frameworks.

Written by
Lawrence Chapman
Content Manager

When most people hear ‘data governance,’ they think of bureaucracy, approval processes, and delays.

But what if governance could help teams move faster? What if it enabled a marketing team to launch a campaign in days instead of weeks, or allowed commercial teams to act on insights confidently? 

In our webinar, The Data Strategy Blueprint: Laying the Foundations for Commercial Growth, Paris Bielby, Data Director at CAVU, and Jamal Karim, Lead Data Engineer at CAVU, shared how airports are building governance frameworks that enable speed and confidence rather than creating bottlenecks. 

CAVU: How do you build governance frameworks that enable faster decision-making? 

Paris: 

“When we talk about data governance, many people immediately think of rules, hard controls, and bureaucracy, but the most effective governance frameworks do the opposite: they enable teams to act quickly and confidently. Good governance is about creating clarity and trust, so decision-makers know exactly what data they can use, how it can be used, and that it’s reliable. 

At a high level, governance starts with defining clear ownership and accountability for data domains: who owns passenger flow data, who owns retail transaction data, who owns partner performance metrics. Secondly, it’s standardisation, definitions and metadata so everyone is speaking the same language. When teams trust that a metric is consistent across departments, they can make decisions faster because they’re not debating which version of the truth to use. 

Governance also includes policies for privacy, compliance, and security. This protects sensitive passenger data and commercially confidential partner information while still allowing the right people access for business decisions.

The key is to automate enforcement where possible and provide frameworks that guide behaviour rather than create bottlenecks. When governance is embedded in processes and tools, it becomes an enabler rather than a barrier. 

In practice, the result is that commercial teams launching a new promotion, or optimising passenger spend, don’t have to wait weeks to get approvals or clarify definitions. They can access trusted data immediately, understand constraints, and act, which is ultimately what governance should achieve: faster, safer decision-making at scale.” 

Marcus Wallis YghnwsgQX O Unsplash

CAVU: When are data governance programmes most effective? 

Jamal: 

“Data governance works best when it’s embedded directly into the systems and workflows teams use every day. 

For a commercial team launching a new promotion, that might look like a catalogue of ‘approved’ datasets with consistent definitions, automated quality checks, and clear flags for any sensitive fields, like PII or partner-specific data. 

From an engineering perspective, least-privilege access is critical, not just for commercial users, but even within the data team. Role-based access controls and row-level security ensure that individuals only access the datasets they are authorised to work with, preventing accidental exposure of customer or partner data. 

Our automated data quality framework also plays a key role: it checks for missing or null values, validates data types and ranges, and flags anomalies before data reaches stakeholders. This way, teams can trust the data and make decisions confidently. 

On a day-to-day basis, good governance also means observability and transparency. Teams can see when data was last updated, the lineage of key metrics, and any exceptions identified by automated quality checks. This reduces manual reconciliation work and prevents delays caused by uncertainty around data integrity. 

Equally important is how we share data. Data governance requires that information is always shared in controlled, secure ways, not via email or ad-hoc files. We use methods such as SFTP with IP whitelisting, or secure platforms like Databricks Delta Share, ensuring that sensitive or confidential data only goes to authorised recipients in a fully auditable manner. 

For example, a marketing team launching a campaign to promote lounge access or fast-track services can immediately access approved datasets on historical parking, lounge, and fast-track bookings, and upcoming travel dates, all with consistent definitions, and only for customers who have explicitly consented to be contacted. This removes the need for manual validation or ad-hoc checks, allowing teams to segment customers confidently and act quickly. 

This data governance framework enables campaigns that previously took weeks to launch to go live in days, without compromising compliance or trust. Governance here becomes an enabler of speed, confidence, and commercial impact rather than a bottleneck.” 

Apacmasthead

CAVU: How can airports work collaboratively with commercial partners and share data safely? 

Paris: 

“Good collaboration in an airport environment starts with a shared understanding of purpose. Airports and their commercial partners ultimately want the same outcome: better passenger experiences and stronger commercial performance. When everyone is aligned on that common goal, collaboration becomes far more natural and far more productive. 

In practice, the strongest partnerships are built on clarity, consistency, control, and critically, the right people and processes to support them. 

Clarity means agreeing upfront on what data is being shared, why it’s being shared, and what value each party expects to gain. But it also means being clear about roles and responsibilities: who owns which decisions, who maintains which datasets, and who is accountable when something changes. Without that human clarity, even the best technical solution will struggle. 

Consistency comes from standardised data models, shared definitions, and repeatable processes so everyone is working from the same foundation. But consistencyis also cultural. It requires partners to show up with the same mindset: transparent, predictable, and willing to follow agreed ways of working. When people behave consistently, trust builds quickly. 

Control is about ensuring data is handled securely, ethically, and in line with contractual and regulatory requirements. But governance isn’t just a set of documents. It’sa process that needs to be lived: regular reviews, clear escalation paths, and a rhythm of communication that keeps everyone aligned and accountable. 

When it comes to commercial sensitivities, the key is designing collaboration models that protect competitive information while still enabling insight. That typically means role‑based access, data minimisation, and aggregation so partners only see what they need to operate effectively. 

It also means strong contractual frameworks, i.e. data‑sharing agreements, retention rules, and transparent auditability, so every partner knows the boundaries and feels confident operating within them. 

But the people side matters just as much. Partners need to feel that their data is respected, that their concerns are heard, and that the airport is a neutral steward rather than a competitor. When you create that environment through good communication, predictable processes, and a governance model everyone trusts, collaboration stops being a risk and becomes a genuine competitive advantage.” 

Airportsolutions

CAVU: How does this partner collaboration work in practice from an engineering standpoint? 

Jamal: 

“Good collaboration isn’t just about sharing data, it’s about doing so safely, responsibly, and in a way that scales. Airports often work with multiple commercial partners, each with different sensitivities around their data, and navigating that requires strong governance. 

Practically, this starts with knowing exactly what data we hold, where sensitive fields exist, and who should have access. We tag PII and partner-specific information,apply role-level security and least-privilege access, and ensure only authorised users can view it. Before anything goes live, we run thorough testing on pipelines, dashboards, and data-sharing workflows to confirm access rules are enforced and that sensitive data cannot leak. 

For example, when bringing new product streams online, such as Travel Insurance, we collaborate closely with partners from the start to understand their requirements, operational constraints, and compliance obligations. We design the data flows so that everyone knows exactly what will be shared, in what format, and with what frequency, ensuring partner trust while enabling the product to operate smoothly. 

For our standard reporting offerings, we listen to client needs and evolve our approach over time. Many clients require similar datasets but want them updated and accessible as frequently as possible. 

Rather than maintaining slow, bespoke SFTP exports, we are moving to a standardised, scalable sharing approach using Delta Sharing. This allows clients to access the data they need, as often as they need it, within a fully governed and auditable framework. 

The result is that airports and their partners can act on insights quickly and safely, without compromising trust or compliance. By combining close collaboration, clear definition of needs, and strong governance, we’re able to unlock real value for all parties.” 

Airlinesolutions

CAVU: What’s the first step airports should take when building a data-led strategy? 

Paris: 

“For airports that are right at the beginning of their data journey, the best thing they can do in the next 30 days is pick one small, meaningful win and deliver it. Not a big strategy document, not a huge transformation programme, just one practical improvement that shows people what good looks like. It could be fixing a messy data feed, giving teams a single trusted number for something they argue about every day, or creating a simple dashboard that replaces a painful manual process. That early win builds belief, and belief is what gets the whole thing moving.” 

Jamal: 

“Making that first 30-day win happen is all about turning a business problem into an operational solution quickly. We start by working with stakeholders to identify the key metric, report, or process that’s causing the most friction. Then we map exactly where the underlying data lives, who owns it, and how it currently flows. 

That allows us to build a centralised pipeline into a warehouse or analytics platform, applying automated quality checks to ensure accuracy and completeness. We then surface it through a lightweight dashboard or report so teams have one trusted source of truth that they can use to make decisions.” 

Create scalable, secure data foundations. Watch the full webinar.

This article highlights only part of Paris and Jamal’s conversation.

In the full session, they also explore how to:

  • Define what “good data” really looks like in complex commercial ecosystems

  • Design cross-ecosystem data strategies that connect stakeholders and commerce data

  • Build scalable data governance frameworks

  • Move from fragmented systems to unified architectures that reduce silos and blind spots

  • Enable faster, more confident commercial decision-making

Watch the full webinar to learn how to turn your data into a strategy built for sustainable commercial growth.

Watch the Webinar