What’s the best place to start when evolving data governance?

Actually all, but data is the driving factor for anything. All people, processes, policies are going to start with data, otherwise, we will endup saying he says, she says.

You need to look all , People , process, policies and data.

Start with the basics—automate your policies right when data is created, not after something goes wrong. Classify data early, keep access consistent across platforms, and build in guardrails that fix themselves. That’s how real, scalable governance begins—not with audits, but with architecture.

My easy-way-out response would be that you do not necessarily need to start with any one of these. You can simultaneously act on some or all of them. Staying within the question though, the most foundational and far-reaching aspect is policies in my view. Data is ever-growing/evolving and reactive, hard to steer things with it. People and processes are also fluid with reactions that depend on the situation. Policies are the most slow-moving, but far-reaching aspect, giving a team time to make informed changes to policies that hopefully fan out to the data, people, and processes. (This is why policies tend to be set from the top down.) Of course, all of these are important and ultimately need to be delt with for effective data governance.

I think this depends on your approach to policies in your organisation.  For ourselves, where we are starting with our policy framework is actually focusing on defining clear strategic principles and ensuring these are aligned and have sponsorship top down.  With this we can use these principles to drive the review of people and process capabilities against these agreed principles.