Don’t even try managing GDPR in Excel

Michael Gentle
Nov 13, 2018 · 2 min read

If you’re not using a tool, you’re not taking it seriously

Software tools are essential to running various aspects of a company’s business, from HR to customer service. They ensure operational efficiencies and regulatory compliance. GDPR is no exception – it too will need a software tool.

The question is: what’s that tool going to be? Excel seems to be the most immediate option, given that most companies started their data privacy efforts using it. After all, Article 30’s Records of Processing, which the regulator can request at any time, is quite a trivial report that is easily done in Excel.

Don’t be fooled by the trivial Article 30 reporting

But the Records of Processing is just tip of the iceberg.

Below the waterline lies a whole raft of interconnected information, from general principles and individual rights to accountability and governance. Attempting to manage all this in a spaghetti of Excel sheets is a non-starter. Anyone who tries it will quickly realise that it is unmaintainable, unshareable and unscaleable. In short, it is a recipe for operational inefficiencies and non-compliance.

So how can tools help? I have tested over 10 GDPR tools hands-on with a trial account. The products are all SaaS cloud-based (some have on-premises options), with pricing from around €300/mth to €1500/mth based on number of users. Here are the main features I came across:

Main features found in GDPR software tools (Source: The Balance of Privacy)

Regardless of the size of your organisation or the scope of your data protection obligations, you will need a tool that is able to cover at least features 1–5. Features 6–9 are certainly desirable, and 10–11 are dependent on your type of business.

What signal do you want to send to the regulator?

Managing your GDPR obligations in a software tool will give you the operational efficiencies to focus on the actual business of data privacy and compliance. It will certainly send the right signal to the regulator that you are taking GDPR seriously.

Using Excel, however, will simply get you bogged down in admin and leave you exposed to incidents and accidents. And it will certainly suggest to the regulator that, at best, you haven’t understood what GDPR is all about; and at worst, that you are not taking it seriously.

Michael Gentle is the founder of The Balance of Privacy, based in Geneva. For similar articles by Michael, click here.

The Balance of Privacy

Data privacy is the new normal

Michael Gentle

Written by

Michael Gentle is the founder of The Balance of Privacy, a GDPR consultancy in Geneva.

The Balance of Privacy

Data privacy is the new normal

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade