Since the end of the 1980s, there have been several initiatives to control and manage IT environments. ITIL is one of the more successful models, COBIT another. However, thanks to the IP protocol and Internet, since mid-2000 the world has seen a veritable data explosion, affecting IT governance. Some predictions expect current data volumes to grow more than 10 times till 2020, having serious implications both from governance and security perspectives. Additionally, we see some new EU regulations, i.e., Network and Information Security Directive (NIS) and General Data Protection Regulation (GDPR), implemented in May 2018. The latter two will directly affect the scope of IT governance within the European Union and for non-European entities handling EU Citizen’s personal data, with substantial fines if not complying. Both regulations forces anyone handling such data to consider information strategies that include big data management, governance, and information security as a convoluted context. Particularly, GDPR make them to related questions, a governance package. This creates a need for a paradigm shift to remediate/mitigate identified limitations in today’s traditional governance models. This article discusses governance from a holistic perspective, based on the data flow, as per the requirements of GDPR. These are the issues which were not envisioned when today’s governance models were designed in the late 1980s or early 1990s.