Nov 11 2019 08:38 AM
Hi,
I process personal data and need strict protection (GDPR). My raw data from a survey is copied to several worksheets in a workbook and the processed anonymous data (dashboards) is in other worksheets in the same workbook.
Before sending the whole workbook with the visible dashboards to my customers I delete some of the raw data worksheets and hide others. After that I protect the structure of the workbook with a code. Now only the worksheets with the dashboards are visible.
Will it at all be possible for my customers to break the protection and get access to the sensitive raw personal data or am I completely safe?
Thanks in advance to your reply!
Best regards Per
Nov 11 2019 10:20 AM
Sheet protection and Workbook protection are coded into the file's XML (Presuming you're using an xlsx workbook) and can be removed easily. If you want something stronger I'd recommend setting a password to open and/or modify. Also, there's Information Rights Management.
Nov 11 2019 01:36 PM
SolutionYes, Excel protection is mainly the protection from the errors due to negligence. Simplest case, if you hide Sheet1 and protect structure, anyone could write in Sheet2 formulas like =Sheet1!A1 and pick-up information from hided sheet in protected structure. To find actual name of the Sheet1 is also not a big deal.
Nov 11 2019 01:43 PM
Nov 11 2019 01:52 PM
Afraid that's not exactly what GDPR is required.
Nov 12 2019 01:28 AM
Thanks for your answer. It makes sense. However I have also protected the workbook with a password for opening and anonymised all names with random numbers. Finally I have deleted all content in the hidden worksheets and deleted all previous versions of the workbook before sending to customer.
Do you think all this gives 100% protection?
Nov 12 2019 01:28 AM
Thanks for your answer. It makes sense. However I have also protected the workbook with a password for opening and anonymised all names with random numbers. Finally I have deleted all content in the hidden worksheets and deleted all previous versions of the workbook before sending to customer. Do you think all this gives 100% protection?
Nov 12 2019 01:29 AM
Thanks for your answer. It makes sense. However I have also protected the workbook with a password for opening and anonymised all names with random numbers. Finally I have deleted all content in the hidden worksheets and deleted all previous versions of the workbook before sending to customer. Do you think all this gives 100% protection?
Nov 12 2019 05:15 AM
There are password utilities that can crack the encrypted passwords. They typically use brute force method to "guess" the password. If the password is random characters and special characters it makes it very, very hard to guess.
Nov 12 2019 06:46 AM
IMHO, if you anonymised all names that's enough from GDPR point of view. Password gives another protection from unintentional access (however, it could be hacked). Deleting of previous versions gives nothing, that affects only internal environment.
I guess you are safe enough.
Nov 25 2019 12:38 AM
Nov 25 2019 01:26 AM
Dear Sergei,
One last consideration. How should I understand your phrase "affects only internal environment". My intention of removing previous versions of the workbook is that these would also contain the real names of the participants in the survey. I want to be sure that these names are truly gone for good and cannoit berecovered in some way or another if the access password is broken.
Best regards
Per
Nov 25 2019 02:36 AM
I mean if you send the file to someone outside, such person have no access to version history (OneDrive, Sharepoint, etc) and/or autosaved versions on your local computer.
If you share the file within your environment (e.g. on OneDrive) when yes, it's better to save final version as separate file and share only it.
Nov 25 2019 02:51 AM
The files without the deleted old versions of the workbooks are sent to each customer using a separate Sharepoint site I have made for each customer, that has no access to the rest of my Sharepoint sites.
Does this setup mean I do not have to delete the old versions in principle?
Nov 25 2019 01:21 PM
Nope, if they are on another site to which your customers have no access. To be sure you may click on 3 dots to the right of the file name and check version history. In addition to check site Recycle bin if nothing critical was moved to it.
Dec 02 2019 01:26 AM
Dear Sergei,
Thanks for your answers to my questions. They were really helpful!
Best regards
Per
Nov 11 2019 01:36 PM
SolutionYes, Excel protection is mainly the protection from the errors due to negligence. Simplest case, if you hide Sheet1 and protect structure, anyone could write in Sheet2 formulas like =Sheet1!A1 and pick-up information from hided sheet in protected structure. To find actual name of the Sheet1 is also not a big deal.