Many organisations and businesses have chosen spreadsheets to manage their records of processing activities.
Understanding new regulatory frameworks, getting in control and involving colleagues in your organisation is not an easy task. It is understandable that many have chosen to delay the decision to commit to a system, much less to adjust privacy workstreams.
Even a year into GDPR, we speak to many businesses who still use spreadsheets, but who wish they weren’t doing so.. Excel is a challenging medium for managing a privacy program.
Yet switching out of excel raises some common fears and concerns, such as:
- There are so many alternatives, how do I know if I choose a system that is right for us?
- I’ve put so much time and effort into building our Excel model, I don’t want to ‘start over’.
- What are the actual benefits of transitioning to a software?
This post is about the last question: we’ll look at the most obvious reasons Excel and spreadsheets do not support privacy program long-term.
By the end of this post, you’ll have 11 powerful reasons why a software solution can make your life easier, and countless possibilities to better manage your data processing.
1. Building your data model
Building a model in spreadsheets for your records of processing activities can take an enormous amount of time. Updating your model can prove a further challenge and be even more time-consuming.
This is especially true if there exists uncertainty, or different opinions, in what constitutes best practice.
As your privacy program matures, you need to be able to keep pace. The benefit of choosing a software is that the modelling structure is built into the core of the app.
2. Permissions and Access Controls
Permissions, access controls and levels of responsibilities are difficult to manage in spreadsheets. A lack of reliable audit trails can prove risky.
Granular permission levels simplify the work for everyone involved and supports the work needing to be done. A software can provide a clear role-based access permission model so you can determine who can view and change important portions of your processing records.
3. Managing Security
Security is difficult to enforce in Excel. Spreadsheets can easily get shared, copied and distributed.
A software with a robust login functionality is a must in ensuring security is taken seriously. With your records of processing centralized and protected, security issues are mitigated.
4. Engaging non-privacy colleagues
Explaining GDPR to non-privacy staff is difficult. It’s even more difficult to collect, present and show information in modelled spreadsheets to colleagues.
Your job becomes emailing or calling colleagues for input, while managing the continuous updating of processing records. Meanwhile, you most likely have more pressing (non-GDPR related) issues on your to do list.
This situation makes privacy a headache for everyone involved, and leaves you – the privacy person – left to complete all the data entry work.
By giving your colleagues a system that can guide them intuitively to contribute to your data protection work, the organisation is invited to engage. Involving your business and colleagues is a long-term necessity for efficient privacy work.
5. Modelling Complex Relationships
Needing dozens, or even hundreds, of spreadsheets is not an uncommon scenario.
Modelling complex relationships between data elements is not easy to achieve in spreadsheets. Multiple dependant sheets that need to be manually maintained becomes an administrative headache, and a resource drain.
There is also the high risk of inaccuracy.
The ability to reflect a data model with multiple aspects like risk, suppliers, data subjects, processes and assets, is not available in tools like Excel.
6. Handling Version Control
With spreadsheets, you have little to no version control. As updates are made, the possibility for errors grows. Information can easily be overwritten or keps out of sync, quickly reducing the dependability of the spreadsheets.
Not having an approval cycle to govern changes or updates is risky. Having a proper inventory of data you have confidence in, makes not only your own data protection work much easier. It is also key to satisfy regulator and data subject expectations.
7. Manual labor and waste of time
Spreadsheets can be labour intensive for the person handling privacy. You might end up dealing with data entry and maintenance tasks, when your skills could be used for more proactive tasks such as avoiding processing risks and mitigating the impact of potential threats.
Tools and intuitive software remove this administrative burden and makes managing repeatable tasks simpler and more streamlined.
8. Understanding actual risk
Managing privacy is about being in control and understanding risk. A static spreadsheet is not built for tracing risks associated with data processing.
With a software you’ll access a flexible data model built to intelligently manage risks. For example, track the effect that the addition of a new data type for a data subject group would pose on your overall processing activities.
9. Reporting and presenting information
Once all the information is properly collected and structured, there is the challenge of presenting it.
A software allows for a range of opportunities to visualise your data. You’ll have capabilities of generating reports at the push of a button, visualise dependencies and in other ways present your information.
Generating reports from an intelligent system that helps you identify gaps and risks is necessary to make your work understandable.
In addition, the speed with which you can confidently generate reports fit to respond to a subject access request or satisfy an auditor is vital.
10. Simplify Communications
A static spreadsheet gives no room for collaboration and communications. A software can help in bringing in the right people to give the right input at the right time. By choosing a tool that can involve your colleagues, privacy work can be more easily understood.
A software also allows for much easier communications with external parties, which simplifies long-term management.
The most proactive companies use transparency of their personal data processing as a sustainable competitive advantage. Some of our most successful customers are open and transparent with how they process data, which builds trust with individuals and other businesses.
Building your brand and increasing confidence by taking a stand that you believe transparent management of personal data is important.