Select Page

Spreadsheets: A risky approach to managing GDPR compliance

John Verver

John Verver

CPA CA, CMC, CISA

Using spreadsheets for GDPR compliance is less than ideal. Here’s how purpose-built software can help, and how to choose the right one.

In May 2018, the European Union (EU) General Data Protection Regulation (GDPR) came into effect to give European citizens more control over their personal data. Learning that non-compliance could result in fines as high as 20 million euros, organizations of all kinds were scrambling to meet its requirements. CEOs and leaders were taking a special interest in the matter to make sure their organization didn’t make the news headlines for the wrong reasons.

We are past the initial scramble to comply, but that doesn’t mean you can rest easy. You should be evaluating the systems and processes you implemented in the first place to make sure they’re best fit for your compliance goals.

“With today’s increasing compliance requirements and new daily regulations, spreadsheets just aren’t practical.”

A short-term solution can become a long-term problem

You’re not alone if you’re using Excel (or other Microsoft Office products) for your compliance systems. Many organizations use excel for much of their risk and compliance processes, so it’s assumed Excel can also handle GDPR compliance.

But spreadsheets aren’t a good long-term solution. Over time, organizations find themselves with a sprawling universe of spreadsheets and worksheets that are expected to address an ever-increasing number of requirements for managing multiple aspects of risk and compliance. With today’s increasing compliance requirements and new daily regulations, spreadsheets just aren’t practical.

The drawbacks to spreadsheets are well known. They’re:

  • Prone to error and many forms of unreliability
  • Confusing and difficult to navigate
  • An administrative effort to coordinate and manage effectively
  • Not built to support complex workflows, even when combined with the use of SharePoint and Outlook/Exchange
  • Clumsy mechanisms for producing integrated reports and dashboards.

GDPR compliance processes themselves are not substantially different in nature from many other compliance processes (e.g., SOX, FCPA), but there is a lot to manage. Consider just how many processes your business undertakes, internally or by service providers that involve some aspect of data privacy. It’s a lot of work—too much to be done in spreadsheets.

A better way to manage GDPR risks and compliance

There’s a lot at stake with GDPR compliance. Choosing to use in-house developed systems or generic tools is risky. On the other hand, integrating your systems and using data to drive your strategy within a software designed specifically for the purpose, can reduce the risk of compliance failures, lower the cost of compliance, and provide evidence of a strong defensible position in the event that regulators come knocking at your door.

eBook

Better Practices for Compliance Management

You’ll learn:

  • 5 common challenges with compliance management
  • What a high-performance compliance management process looks like
  • Where to start for your own compliance management transformation
  • Top 8 compliance processes where technology can raise the bar
  • Key technology considerations for achieving a high-performance compliance program.

Download eBook

Related Articles

Find us in Gartner MQ for IT Risk Management

Gartner names Galvanize (formerly ACL and Rsam)* a Leader in the 2019 Magic Quadrant for IT Risk Management

Learn what you should be looking for when selecting an ITRM solution.

Download the report