The problem with proving a record has been removed in Excel.
In the last of the series we looked at GDPR implications of using Excel for keeping client data. Now we look at the capacity of Excel to produce an audit trail once an action has been undertaken.
Reviewing aged records in Excel.
One of the requirements of the new GDPR rules is to have procedures in place to review records to archive/delete those with those that you have no reason to keep for your organisational purposes. A policy would need to be drafted to determine an appropriate time limit for keeping records. Just keeping data for “just in case” will no longer be acceptable.
There is no function in Excel to automatically track and highlight records entered prior to a predetermined date. You could insert your own date field, but that would have to be filed in manually, open data entry errors (I once saw a delivery made in 1876). A macro maybe written to do this but it’s complicated and messy. Organisations that operate in such a manner will not be compliant as they cannot show due care for client confidentiality.
Upgrading to a database.
For organisations that are in this position, now should be the time to upgrade to a database solution that can hold client information in one place. Rules can be applied to track who has accessed, modified or deleted a record. All databases can produce an audit trail that can report on each user’s activities within the systems. You can also construct hierarchies of user rights that restrict a person’s ability to access, read or change certain sets of data. This also has cyber security benefits. Even if a server were compromised, there would be an extra layer of security provided by using database credentials. I have had a client’s whole system go down with ransomware, but the database still functioned. Users of cloud-based systems would need to make sure separate rules apply, as the data is held off-site. (see cloud based accounting software) Bespoke databases based on SQL, or more accessible solutions such as Filemaker, can have these access and time sensitive rules applied.
Next in the series: GPDR issues for reviewing records in CRM databases. For more information on GDPR see our FAQ page.
About the Author.
Malcolm Ford has 25 years business experience ina wide variety of sectors. He advices companies on software solutions for their business including ERP CRM and document management solutions.