GDPR: the perils of HR spreadsheets and how to avoid them
In summary…
- The General Data Protection Regulation (GDPR) poses significant challenges for HR departments, particularly those relying on spreadsheets for data management. Spreadsheets are prone to human error, lack security measures, and make it difficult to track data changes – all of which can lead to GDPR non-compliance.
- HR departments should consider moving away from spreadsheets and adopting HR software solutions. These systems offer better data security, easier access control, and efficient data management, helping businesses to comply with GDPR.
- GDPR compliance is not just about avoiding penalties, but also about building trust with employees. Ensuring data privacy and security can enhance the employer-employee relationship, contributing to a positive work environment.
The General Data Protection Regulation (GDPR) demands that businesses provide better proof of security, enhanced rights for employees over their data, and more emphasis on data accuracy.
It puts HR teams at the forefront of compliance – and those that haven’t digitised their HR data, but instead rely on spreadsheets, paper files and digital forms, are most at risk.
This article highlights three reasons why spreadsheets don’t work when it comes to GDPR compliance.
Spreadsheets are not secure
To be GDPR compliant, data must be processed in a manner that ensures security. Even with password protection, sending your spreadsheets between your colleagues puts confidential information at risk.
- Spreadsheets are rarely for informational purposes only. They are generally designed to be updated or manipulated to help with other activities. That means granting at least some degree of permission over the contents – and with permission comes the ability to copy and save.
- Spreadsheets can be emailed to anyone – and you have absolutely no idea who they get forwarded on to, and how they are used.
- Spreadsheets can show more than you intend. It’s not uncommon for spreadsheet users to hide fields and forget them. As this article points out, what was hidden can be unhidden.
If there is a data breach, you may find it impossible to demonstrate that you have implemented technical and organisational measures to show that you have considered and integrated data security into your processing activities.
Spreadsheets are almost impossible to keep accurate
GDPR dictates that all the personal data you hold should be accurate and complete, and be put right when it’s not. However, HR has to deal with vast amounts of data that change all the time.
Manually updating these changes in spreadsheets can be a cumbersome and ineffective process, especially when the data is being entered into multiple documents. Human error is highly likely, as it’s easy to misplace a figure or delete a cell by accident. In fact, research from Salesforce shows that 88% of all spreadsheets have significant errors in them.
When data is shared between colleagues, it’s almost impossible to know who has the most up-to-date version, thus leading to further inaccuracies.
Spreadsheets are slow to collate
Although the current data legislation states that employees can request a copy of their data from their employers, under GDPR, you need to respond much more quickly. If your data is inaccurate and fragmented because it is scattered across multiple versions of the same spreadsheet, or in paper files, it becomes virtually impossible for HR to collate the correct employee information and send it to them within the timeframe specified by the regulation.
Quite aside from the time wasted by you and your colleagues collating information required to respond to the request, there is a genuine business risk. The ICO (the enforcement body in the UK) will chase up organisations that fail to respond within time, or those who respond with incomplete information.
Is Cloud HR software the solution?
Investing in an affordable, cloud-based HR system – like Cezanne HR – will go a long way towards GDPR compliance.
Firstly, it lets you centralise all of your data in a single, secure system that makes use of user authorisations based on roles to ensure managers and employees only see the information they are allowed to see.
Secondly, you can allow employees to see and correct their own data, with changes routed to HR to be checked and validated. You remain in control of your people data, but with added employee transparency. By reducing mistakes and streamlining processes, you can save a lot of time and money whilst staying GDPR compliant.
And, it’s worth noting that the regulation recommends providing self-service access to data.
Last but not least, we’ll work with you to upload the data you already have in your HR spreadsheets into Cezanne HR. You can be up and running with a secure, easy-to-update and GDPR-compliant system in just a few weeks. You can learn more about how Cezanne HR keeps your data safe and secure here.
Author bio
With over twenty years’ experience under his belt in the HCM Tech industry, Cezanne HR’s Chief Operating Officer John Hixon has been a driving force behind the company’s meteoric rise. From ambitious start-up to one of the leading SaaS HR brands, over the past ten years, John has been instrumental in developing an HRIS platform that brings people and businesses together.