Excel's limitations in managing GDPR compliance
Article 30 of the GDPR requires the keeping of a Processing Register. This register is a true snapshot of the company's activities in which personal data is used.
Mandatory information in the register
The register can be kept in any format (text document, Excel workbook...), but it must include certain mandatory information:
- The stakeholders involved in the processing. These may be subcontractors, external service providers, internal services...
- The categories of data processed (marital status, professional life, personal life...) and who can access this data
- The purpose of the processing, what the data collected is used for
- How long the data is kept
- The measures that have been put in place to protect personal data. These may be technical or organizational measures.
The limits of an Excel register
However, there are a number of limitations to using Excel to maintain compliance.
- A single user ends up having to complete the file. It is very complex for several people to work on one file, and the consistency of the information can degrade. Yet GDPR compliance is a process that must be carried out collaboratively by the DPO and employees. In addition, there is a risk that this person alters the document, intentionally or not;
- The quality of the information: certain information, such as the identity of the data controller, data descriptions, etc., is identical across entries. Entering the same information multiple times can be a source of errors;
- No traceability: the GDPR requires traceability of activities and information. If a change is made to the processing, the earlier information must be retained, i.e. the company must be able to prove which processes were in place at a given time. With Excel, if the information is simply deleted and replaced in the spreadsheet, it will be impossible to keep versions;
- An Excel workbook only lets you keep the Processing Register, which is not the only mandatory procedure of the GDPR. It is also necessary to have procedures concerning the rights of individuals, data breaches, impact analyses, the subcontractor register...
- Associating documents, for example contracts or guarantees put in place, is difficult via Excel. The locations of these documents may vary, to the point where a document can no longer be found.
In view of these arguments, a software solution seems better suited to ensuring both the traceability of documents and their centralization.
A software solution will also make it possible to involve employees in the GDPR compliance process, which allows faster deployment and buy-in.