Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.

GDPR: Are your spreadsheets making you an easy target?

Ruth McFarland, ACA, Finance and Operations Manager, Synapse, writes about how to protect financial data on the move   

The Data Protection Bill become UK law on the 25th May 2018 and it will have far-reaching consequences with the potential for significant fines for violation of the new rules. While many key principles and concepts remain the same, there are several new prescriptive requirements and those found to be non-compliant, could face fines of up to €20m or 4% of global annual turnover, whichever is greater.

Privacy is undoubtedly at the forefront of GDPR, in part because of the sharp rise in data breaches over the last five years, and it is hoped that by replacing out of date legislation, digital trust can be deepened.

Ruth McFarland
Ruth McFarland

GDPR affects all parts of an organisation but for the purpose of this article, we will focus on the ramifications for Group FDs and those involved in the financial reporting process in Group Companies. It is not an unusual scenario for hundreds of Excel spreadsheets to be distributed to local finance teams each month for planning and performance tracking and the sharing of this highly confidential information is frequently achieved by email with a simple file attachment. Under the new rules, any organisation sharing confidential data in this way puts itself at risk of a data breach, which is defined as ‘an incident leading to destruction, loss, alteration, unauthorised disclosure of, or access to personal data’. This includes the scenario of when data is sent to the wrong recipient.

The biggest risks are the loss of information and misuse of information. To reduce this risk, ask yourself:

  • How might information get lost? Look at all the places that this might happen and close the gap or put in place a procedure to test the gap at regular intervals.
  • Are you encrypting all financial information?
  • Is there a process in place to protect data when in transit? A moving target is more difficult to protect than static data!
  • What information could be misused?
  • Who might misuse the information? Misuse is something that could happen inside your office so take a look at the different roles your team fulfils and what information they might come across

We know that Microsoft Excel is the traditional tool of choice for presenting and analysing data and calculations and there are now over 750 million users worldwide. However, GDPR puts the onus on organisations to protect their data and this is more difficult when the data is on the move. Those using older versions of Excel are more likely to be at risk as multiple users are not able to work together on the same spreadsheet and email is likely to be used to share the latest version.

GDPR puts the onus on organisations to protect the data it shares across the team as it collects it and to safeguard it when sharing with management, shareholders and other stakeholders. Appropriate security measures can be put in place with the help of an encryption tool that encrypts all data held in spreadsheets and also with the help of new Cloud technologies that effectively re-engineer spreadsheets and make them suited to the new world of GDPR.

By employing a radically different approach to an age-old problem, finance teams can integrate their existing spreadsheets and other disparate data sources (such as MS Access and core ERP) into a single solution with none of the large-scale data migration issues and with minimal disruption. Everyone works right inside Excel, everyone enjoys direct benefit, and everyone retains Excel’s legendary flexibility but with the added bonus of being able to protect all sensitive financial data in line with GDPR. All users have to log into the system before they can see what data is being held and this provides the necessary layer of protection to prevent a data breach and sensitive financial information falling into the wrong hands.

As any member of the team changes any cell of data in their local spreadsheet, a record is written to a secure audit database showing a time stamped trail of all changes by all users no matter where they are. This is crucial in relation to GDPR as if data is lost or misused, a trail will be needed for the Information Commissioner’s Office.

This becomes a completely robust process that will deliver reliable numbers and spreadsheet data is synchronised with each member of the finance team, ensuring that their work is shared accurately with every other team member. Data quality is guaranteed because all of your spreadsheet business rules and formulae are preserved in the cloud database and then executed in such a way as to ensure data integrity.

Data protection is not only important from a compliance and business value protection point of view, it is also key to fostering the digital economy and gaining a competitive edge. The use of smart technology to deliver next generation Enterprise spreadsheets has the potential to aid GDPR compliance and ensure that the data door is not left wide open.

Please get in touch if you would like to find out more about how we can help Group Finance teams protect their financial data.

Synapse Information develops Cloud CFO, a complete solution for Group Company Consolidated Primary Financial Statements, Forecasting and Statutory Accounts.