Data Governance Roles: Who Does What in a Modern Program

Data governance roles define who is accountable, responsible, consulted, and informed across every data asset in an organization. The six core roles in 2026 are Chief Data Officer, Data Owner, Data Steward, Data Custodian, Data User, and Data Protection Officer.

Each role has specific responsibilities, decision authority, and reporting structures. Getting these distinctions right is the single biggest predictor of governance program success — and confusing them is the most common reason programs stall before they ever produce value.

This guide walks through every data governance role, RACI mappings, common staffing pitfalls, and how to adapt roles for AI-era governance where agents are also 'data users.'

The Six Core Data Governance Roles

1. Chief Data Officer (CDO) — The executive sponsor. Owns the overall program, secures budget, reports to the board. Without a named CDO, governance stalls.

2. Data Owner — Accountable for a specific data domain (customer, finance, product). Makes policy decisions, approves access, and is the buck-stops-here person for quality and compliance in their domain.

3. Data Steward — Responsible for day-to-day execution. Writes policies, maintains glossaries, runs quality checks, escalates incidents. Stewards are the operational muscle.

4. Data Custodian — Technical role, usually on the platform team. Implements the controls the stewards define. Runs the catalog, enforces access, manages infrastructure.

5. Data User — Anyone consuming data for decisions. Analysts, scientists, product managers, executives. In 2026 this also includes AI agents.

6. Data Protection Officer (DPO) — Required under GDPR for certain orgs. Independent role reporting to the board, focused on privacy compliance.

RACI for Data Governance Roles

The RACI matrix (Responsible, Accountable, Consulted, Informed) clarifies who does what across common governance tasks:

How AI Agents Change the Data Governance Roles Model

AI agents are now a new class of 'data user.' They need access controls, audit logs, and accountability, but unlike human users, they do not have managers or performance reviews. The solution: every AI agent maps to a human principal (the 'accountable human') who owns the agent's actions.

Data Workers enforces this mapping at the MCP tool layer. Every agent tool call records both the agent ID and the accountable human, so incidents can be traced to a responsible party. Read our AI data governance guide for the full framework.

Common Data Governance Roles Mistakes

• •No named CDO — the program has no executive air cover
• •Conflating owners and stewards — one person cannot do both for the same domain
• •Putting custodians in charge of policy — they own implementation, not direction
• •Forgetting the DPO role in GDPR-scope orgs
• •Failing to map AI agents to accountable humans
• •Hiring stewards without authority — they cannot enforce what they cannot decide

Staffing Ratios for Data Governance Roles

Rough staffing guidelines for a company with 50 data engineers and 500 analysts/users:

• •1 CDO
• •5-10 Data Owners (one per major domain)
• •10-20 Data Stewards (one per 25-50 active datasets)
• •2-5 Data Custodians on the platform team
• •1 DPO (independent of the CDO in GDPR-scope orgs)

Data governance roles are the skeleton of any governance program. Get them wrong and no framework, no tool, and no policy can save you. Get them right and the rest of the program takes care of itself. Start with a named CDO, domain owners with authority, and stewards with real job descriptions. Book a demo to see how Data Workers enforces role-based access at the MCP tool layer.