Data Gatekeeper
Role overview
Your mission: You ensure that data complies with governance and privacy requirements before it is made available. You review and release Datasets, Data structures, and Data sources that are subject to data protection or regulatory constraints.
Why your role is vital: You are the "Guardian". You ensure that sensitive or regulated data is handled correctly.
Defining your scope: You work on Datasets, Data structures, and Data sources that require governance or privacy review. You define governance rules and approve data-related elements in critical cases.
Your core responsibilities
- Define governance and compliance rules: You define data governance models and ensure they are applied consistently
- Review data-related elements: You validate Datasets, Data structures, and Data sources that are affected by privacy or regulatory requirements
- Approve critical releases: You release data-related elements that require additional governance or data protection approval
- Ensure compliance: You ensure that data usage follows legal and organizational policies
Outside your scope
It is not your responsibility to create or configure data-related elements.
If you need to make corrections or adjustments, the Data Owner role is likely the right role for you.
If you design Data structures, integrate Data sources, or build pipelines, the Data Architect or Data Steward role is likely the right role for you.
If you manage Users, Groups, or Roles, or configure platform-wide access, the Tenant Admin role is likely the right role for you.
To review and release data-related elements, you need the appropriate permissions.
The access logic: Access is always the result of a User being assigned to a Group, and that Group being assigned a Role at a specific Scope.
Scopes: Roles apply either at Platform level or on a specific data-related element such as a Dataset, Data source, or Data structure.
As a Data Gatekeeper, your Role is typically assigned:
- on specific data-related elements that require governance review
- or at Platform level if you oversee compliance across all domains
→ Deep Dive Authorization Model
Typical tasks
Your work in CIVITAS/CORE focuses on governance and compliance:
- Review sensitive Datasets: Check if data meets privacy and governance requirements
- Validate Data structures and Data sources: Ensure no restricted or sensitive data is exposed incorrectly
- Approve releases with constraints: Release data-related elements that require governance approval
- Ensure compliance across domains: Apply governance rules consistently
Your first steps
To start working as a Data Gatekeeper in CIVITAS/CORE:
- Ensure you have access to relevant Datasets, Data structures, and Data sources
- Identify elements that require governance or privacy review
- Review their configuration and status
- Validate compliance and risk
- Set them to Available when approved
Best practices & avoiding mistakes
- Focus on critical data: Only intervene where governance or privacy requirements apply
- Apply governance consistently: Ensure rules are applied across all relevant domains
- Do not block unnecessarily: Enable data usage while ensuring compliance
- Coordinate with Data Owners: Align on release decisions and responsibilities
Key terms to know
To work effectively as a Data Gatekeeper, review these terms in our Glossary:
- Data structure: Defines the schema and structure of data.
- Data source: Represents the origin of data.
- Dataset: A structured collection of data prepared for use.
- Status: Defines the lifecycle stage of a data-related element (Draft, Ready, Available).