Don’t even try managing GDPR in Excel

Michael Gentle
Nov 13, 2018 · 2 min read

If you’re not using a tool, you’re not taking it seriously


Software tools are essential to running various aspects of a company’s business, from HR to customer service. They ensure operational efficiencies and regulatory compliance. GDPR is no exception – it too will need a software tool.

The question is: what’s that tool going to be? Excel seems to be the most immediate option, given that most companies started their data privacy efforts using it. After all, Article 30’s Records of Processing, which the regulator can request at any time, is quite a trivial report that is easily done in Excel.

Don’t be fooled by the trivial Article 30 reporting

But the Records of Processing is just the tip of the iceberg.

Below the waterline lies a whole raft of interconnected information, from general principles and individual rights to accountability and governance. Attempting to manage all this in a spaghetti of Excel sheets is a non-starter. Anyone who tries it will quickly realise that it is unmaintainable, unshareable and unscaleable. In short, it is a recipe for operational inefficiencies and non-compliance.

So how can tools help? I have tested over 10 GDPR tools hands-on with a trial account. The products are all SaaS cloud-based (some have on-premises options), with pricing from around €300/mth to €1500/mth based on number of users. Here are the main features I came across:

Main features found in GDPR software tools (Source: The Balance of Privacy)

Regardless of the size of your organisation or the scope of your data protection obligations, you will need a tool that is able to cover at least features 1–5. Features 6–9 are certainly desirable, and 10–11 are dependent on your type of business.

What signal do you want to send to the regulator?

Managing your GDPR obligations in a software tool will give you the operational efficiencies to focus on the actual business of data privacy and compliance. It will certainly send the right signal to the regulator that you are taking GDPR seriously.

Using Excel, however, will simply get you bogged down in admin and leave you exposed to incidents and accidents. And it will certainly suggest to the regulator that, at best, you haven’t understood what GDPR is all about; and at worst, that you are not taking it seriously.

Michael Gentle is the founder of The Balance of Privacy, based in Geneva.
