Data management

1) Why do you need it

Data management is a data operating system that connects people, processes and technologies so that data is quality, secure, understandable and usable. For iGaming, this is critical due to high regulation (KYC/AML, responsible play, payments), volume of events (bets, backs, transactions) and inter-team coordination (product, risk, marketing, finance).

• Reliability of metrics (the only source of truth for GGR, LTV, ARPPU).
• Risk mitigation (fines, leaks, incidents).
• Acceleration of analytics and ML (outflow prediction, anti-fraud, personalization).
• Managed scalability (new markets/brands/providers).

2) Operating Model

• Centralized: a single data team sets standards and implements processes. Plus - unification speed; minus - possible "narrow neck."
• Federated: domain teams own their own sets, shared policies are central. Balance of speed and control.
• Data Mesh: domains - as "data products" with SLO/SLI, catalog and contracts; strong self-management + platform support.

Tip: Start with a "federated" model and gradually evolve to Mesh in maturity.

3) Roles and responsibilities

Data Governance Council: cross-functional body (C-level + domains) - approves policies, priorities, KPIs.
CDO (Chief Data Officer): owner of the strategy of data, quality, catalog, culture.
DPO/Privacy Lead: data protection, regulatory compliance, DPIA, incidents.
Data Owners (by domain): finance, product, marketing, risk, CRM - responsible for the semantics and quality of the sets.
Data Stewards: operational "custodians" - glossary, metadata, DQ rules, quality tickets.
Security & Compliance: encryption, access control, auditing.
Platform/Engineering: catalogue, lineage, register scheme, pipelines, MDM, Lakehouse/DWH.
Analysts/Scientists: Consumers and co-owners of domain quality and availability requirements.

RACI (shortened example)

Politicians: CDO (A), Council (R/A), DPO (C), Sec (C), Owners (C), Eng (I)

Catalog/glossary: CDO (A), Stewards (R), Owners (C), Eng (C)

Data Access: DPO/Sec (A), Owners (R), IT (R), HR (I)

Data Quality: Owners (A), Stewards (R), Eng (C), Analysts (C)

4) Data Governance Artifacts

1. Data management policy (umbrella document): principles, roles, control, escalations.
2. Data catalog: register of sets (KYC, transactions, game rounds, RG limits, payments, provider feeds), owners, tags, classification.
3. Business glossary: GGR/Net Gaming Revenue definition, bonus liability, churn, active player, VIP segments.
4. Data Lineage: from source (providers, PSP, CRM) to storefronts/models - for trust and audit.
5. Data Contracts: formal agreements between producer and data consumer - schemes, types, quality/timeliness SLAs.
6. Schema Registry & Versioning: evolution of circuits without breakdowns (semver, depression plan, backward/forward compatibility).
7. MDM (Master Data Management): registers of players, brands, providers, games (game_id, studio, RTP, volatility).
8. Retention/deletion policy: deadlines, Legal Hold, anonymization/pseudonymization.
9. Data Product Canvas - Purpose, Consumers, Incidents, Quality Metrics, SLO/SLI.

5) Processes and practices

5. 1 Data Quality

• Completeness, accuracy, validity, consistency, timeliness, uniqueness.
• DQ rules in pipelines (for example, bet amount ≥ win amount, IBAN/card format, age ≥ 18 +).
• DQ alerts and tickets: with regression - auto-escalation to the domain owner.

5. 2 Access control and classification

The data classes are Public/Internal/Confidential/Restricted (PII/Financial).
RBAC/ABAC: roles by task (analysis, product, risk), attributes (country, brand, project).
Principle of least rights, temporary access (Just-in-Time), request logging.

5. 3 Privacy and security

Encryption in transit and at rest; key management and rotation.
Aliasing for analytics, anonymization for research/sandboxes.
Minimization policy: store only what you need, as much as you need.
Incident management: response plan, notification of stakeholders.

5. 4 Data lifecycle

Create → Ingest → Storage → Enrichment → Access/Analytics → Archive/Delete.
For iGaming: round events (spin/hand), sessions, payments, player limits, support tickets, complaints, DSAR.

5. 5 Storage, removal, Legal Hold

Storage schedules: operating logs - X months, reporting - Y years, PII - by minimum and by law.
Legal Hold: Freezing removals in investigations/courts.
Removal techniques: soft-delete (label), hard-delete, crypto erasure, anonymization.

5. 6 Data Change Management

RFC for scheme/contract changes, linejet impact analysis.
Backfill procedures and migration plan.
Window and model versioning (v1 → v2 with parallel run and comparison).

6) Architectural principles

Lakehouse + DWH: raw and purified layers, display cases for BI/ML; Formats with transactionality (ACID tables)

Streaming + Batch: real-time anti-fraud/personalization and daily reporting.
Data Contracts by event bus: Avro/Proto, circuit evolution, idempotency.
Gold sets: certified tables for key KPIs (GGR, DAU, retention).
Observability of data: monitoring of freshness, volume, drift of characteristics for ML.

7) Metrics and KPI Governance

% of certified sets in the catalog.
Glossary coverage (proportion of terms with owners).
DQ-SLA: timeliness (freshness), percentage of successful quality checks.
New source/domain product connection time.
Number of incidents by data and mean time to recovery (MTTR).
The percentage of access requests processed in the SLO.
Analyst satisfaction/DS (surveys).

8) Tools (sample categories)

Catalog & Glossary & Lineage: Enterprise catalog with auto metadata collection and graph.
Quality/Observability: rules, tests, monitoring of freshness and anomalies.
Access & Security: centralized policies, access provisions, audit log.
Schema Registry/Contracts: schema registry, compatibility checks on CI.
MDM/Reference Data: master records of players/games/brands, reference books of currencies, countries, providers.
Workflow & Ticketing: approval pipelines, RACI templates, SLA queues.

9) Examples of data domains in iGaming

Game events: game_round, bet, win, RTP by time/game/provider.
Payments: deposits, conclusions, chargeback, methods (cards, crypto, local PSP).
Users: KYC/KYB statuses, RG limits, self-exclusion, complaints.
Marketing/CRM: campaigns, traffic sources, segments, bonuses and wagering.
Risk/AML: scoring, anomalies, alerts, investigations.
Finance: GGR/NET reports, taxes, cuts by country and brand.

10) Templates (ready to use)

10. 1 Data set card

• Classification/PII: Public/Internal/Confidential/Restricted
• Scheme (version): reference to contract/register
• Lineage: Source → Transformation → Showcase

10. 2 Data Contract

• Schema: fields, types, nullable, dictionaries.
• Semantics: definitions, business rules.
• SLA: delivery delay, availability.
• Compatibility: Version Policy (SEMVER), Depression Window.
• Quality: mandatory checks (unique key, ranges, reference guides).
• Security: masking/aliasing/encryption.

10. 3 Access policy (excerpt)

Principle: least privileges, justification of the request.
Flows - Request → Owner/DPO approval → provision → journal.
Deadline: temporary access with auto-recall.
Monitoring: Regular rights reviews.

11) Step-by-step implementation roadmap

First 30 Days (MVP Governance)

1. Assign Council, CDO, Owners/Stewards by domain.
2. Accept the Data Management Policy and the minimum classification model.
3. Expand the base directory + glossary, describe 10 critical sets (GGR, transactions, KYC).
4. Include 5-10 DQ rules in the main pipelines (freshness/uniqueness/validity).
5. Start the access request process with logging.

60-90 days

1. Enter Data Contracts on game kernel events and payments.
2. Enable Schema Registry with compatibility check on CI.
3. Configure the basic lineage by key flows.
4. Issue retention/deletion schedules and Legal Hold procedure.
5. Agree KPI Governance and publish monthly report.

3-6 months

1. Certify "gold" storefronts KPI and MDM registries (players/games/providers).
2. Enable data observability (freshness, volume, drift), alerts and autotiquets.
3. Audit accesses and roll-back extra rights.
4. The catalog covers ≥70% of active sets, the glossary covers top metrics.
5. Train stewards and domain teams (templates, checklists, SLO).

12) Risks and anti-patterns

Directory for Directory's Sake without domain ownership.
Hidden "data shadow IT" (unaccounted for Excel/laptops with PII).
Contracts without automatic compatibility checks.
Too rigid centralization - queues and brakes.
Lack of quality metrics and reporting - no feedback.

13) Communication with neighboring section practices

Data Quality, Model Monitoring, Data Drift, DSAR/Privacy, Legal Hold, ML Deployment - all rely on common policies, contracts, catalog and roles.

Total

Data management is not only documents, but daily rituals: who owns, how we measure quality, by what rules we change schemes, how we give access and when we delete. In iGaming, the winner is the one who has reliable, accessible and protected data, and solutions based on them are repeatable and verifiable.