Can I Use Excel to Manage My Data Protection Management Programme?

A Data Protection Management Programme (DPMP) is a system used to establish an effective data protection infrastructure within the organisation. The framework consists of the following elements:

  • Assessing risks within the organisation (in relation to inventory and data flows)
  • Protecting the information assets of the organisation by implementing security and privacy controls
  • Sustaining the programme through training, communication, and regular audits
  • Responding to privacy/data breach incidents

How Software Can Help Manage Your Organisation’s DPMP

Investing in data protection tools and data privacy software is one of the most effective ways you can protect and manage your organisation’s data protection management programme. Aside from investing in data protection tools, many also invest in GRC platform and GRC software to make everything flow smoothly.

Can Excel Be Used to Manage DPMP?

Excel can be a managing medium for a privacy programme. Not only that, Excel cannot support privacy programs in the long run. Below are some of the obvious reasons why Excels (and spreadsheets) are not the best medium for the job:

Building your data model.

Using Excel to record your activities can take a massive amount of time. Not only that, when the time comes to update your model, it would not only be challenging but more time consuming as well. As your privacy program matures, it is recommended that you are able to keep pace. Using a software is far more beneficial (and ideal) as it is built in the core of the app.

Access and Permission Controls

Access controls, permissions, and levels of responsibilities can be difficult to manage when using only spreadsheets. In addition, lack of reliable audit trails can also be risky. Granular permission level will simplify the work for all the parties involved and can effectively support the work that needs to be done. 

A software can help ensure you have a clear role-based access permission model so you can easily determine who can view and change critical portions of your processing records.

Managing Security

Security can be very difficult to enforce when using Excel. It is important to keep in mind that spreadsheets can be easily copied, distributed, and shared. A software on the other hand comes with a strong login functionality. When your records of processing are protected and centralised, security issues can be effectively mitigated.

Engaging Non-Privacy Colleagues

Explaining data protection to a non-privacy person can be very difficult. Moreover, it would be more difficult to present, collect, and show information in modelled spreadsheets. That said, you can end up constantly calling or emailing colleagues for input while constantly updating records.

It’s safe to assume you would have other pressing activities that are not related to data protection on your to-do list. This setup can make privacy a massive headache for all the parties involved. You will also be spending a huge amount of time completing all the data entry work.

Modelling Complex Relationships

When working on your data protection programme, needing dozens (if not hundreds) of spreadsheets is not uncommon. Modelling complex relationships between data elements can be difficult (if not impossible) to achieve when using spreadsheets. Multiple independant sheets will need to be maintained manually and this can drain resources and give you an administrative headache.

Then you will also need to deal with the high risk of inaccuracy. Your ability to reflect a data model that has multiple aspects like suppliers, data subjects, risk, processes, and assets is not possible in tools like Excel.