Legacy tracking methods such as Microsoft Excel spreadsheets have sufficed in some instances for several years; however, that is all about to change.
A once-off ‘tick-box’ approach is likely to present significant compliance risks, so planning an ongoing compliance approach is essential.
Data processing is collecting, storing, recording, and even deleting personal data.
When considering an ongoing approach we need to ask:
- What is expected of employees?
- What are the consequences for non-compliance?
- How will your company approach requests for personal data?
- What are your obligations as an employer?
Now under GDPR, non-compliance penalties present further risks that could result in large fines. Beyond that, there is also company reputation on the line, which could result in lost customer orders.
How Excel Represents a GDPR Risk
The GDPR has outlined seven key principles. They are:
- Lawful, fair and transparent processing
- Purpose limitation
- Data minimisation
- Accurate and up-to-date processing
- Limitation of storage
- Confidential and secure
- Accountability and liability
Considering this, how does the use of Excel spreadsheets for tracking employee data represent a new compliance risk?
Searching for employees' data and giving them access to it is unreasonably difficult and time-consuming with Excel spreadsheets.
Difficult to Limit Purpose
Excel’s arduous version control means that additional and unnecessary data creeps into the spreadsheet.
Poor Data Minimisation
Excel spreadsheets are notorious for containing duplicate data, which can be difficult to identify.
With duplicate data comes inaccurate data and further human error, which becomes impossible to track.
Excel spreadsheets are often stored in different locations such as company servers and personal devices, making them difficult to track.
With poor storage comes the risk of a data breach. How do you know who has access to the spreadsheet? That risk includes accidental loss as well as the intentional manipulation of data.
When required to ‘prove’ compliance, Excel spreadsheets are a poor option for reporting, either to management or auditing bodies.