The soon-to-be-implemented General Data Protection Regulation (GDPR) brings with it new requirements for businesses, such as better proof of security, enhanced rights for employees over their data and more emphasis on data accuracy.

It puts HR teams at the forefront of compliance – and those that haven’t digitised their HR data, but instead rely on spreadsheets, paper files and digital forms, are most at risk.

Illustration of spreadsheets with a cross

This article highlights three reasons as to why spreadsheets don’t work when it comes to GDPR compliance.

Spreadsheets are not secure

To be GDPR compliant, data must be processed in a manner that ensures security. Even with password protection, sending your spreadsheets between your colleagues puts confidential information at risk.

  • Spreadsheets are rarely for informational purposes only. They are generally designed to be updated or manipulated to help with other activities. That means granting at least some degree of permission over the contents – and with permission comes the ability to copy and save.
  • Spreadsheets can be emailed to anyone – and you have absolutely no idea who they get forwarded on to, and how they are used.
  • Spreadsheets can show more than you intend. It’s not uncommon for spreadsheet users to hide fields and forget them. As this article points out, what was hidden can be unhidden.

If there is a data breach, you may find it impossible to demonstrate that you have implemented technical and organisational measures to show that you have considered and integrated data security into your processing activities.

Spreadsheets are almost impossible to keep accurate

GDPR dictates that all the personal data you hold should be accurate, complete, and be put right when it’s not. However, HR has to deal with vast amounts of data that change all the time.

Manually updating these changes in spreadsheets can be a cumbersome and ineffective process, especially when the data is being entered into multiple documents. Human error is highly likely, as it’s easy to misplace a figure or delete a cell by accident. In fact, research from Salesforce shows that 88% of all spreadsheets have significant errors in them.

When data is shared between colleagues, it’s almost impossible to know who has the most up-to-date version, thus leading to further inaccuracies.

Spreadsheets are slow to collate

Although the current data legislation states that employees can request a copy of their data from their employers, under GDPR, you need to respond much more quickly. If your data is inaccurate and fragmented because it is scattered across multiple versions of the same spreadsheet, or in paper files, it becomes virtually impossible for HR to collate the correct employee information and send it to them within the timeframe specified by the regulation.

Quite aside from the time wasted by you and your colleagues collating information required to respond to the request, there is a genuine business risk. The ICO (the enforcement body in the UK) will chase up organisations that fail to respond within time, or those who respond with incomplete information.

Is Cloud HR software the solution?

Investing in an affordable, cloud-based HR systems – like Cezanne HR – will go a long way towards GDPR compliance.

Firstly, it lets you centralise all of your data in a single, secure system that makes use of user authorisations based on roles to ensure managers and employees only see the information they are allowed to see.

Secondly, you can allow employees to see and correct their own data, with changes routed to HR to be checked and validated. You remain in control of the data, but with added employee transparency. By reducing mistakes and streamlining processes, you can save a lot of time and money whilst staying GDPR compliant.

And, it’s worth noting that the regulation recommends providing self-service access to data.

Last but not least, we’ll work with you to upload the data you already have in your HR spreadsheets into Cezanne HR. You can be up and running with a secure, easy-to-update and GDPR-compliant system in just a few weeks.

Chris Wells author image

Chris Wells