Random? Un-audited? Shadow IT?
WTF? It would be a tool supplied by IT so hardly shadow IT. Your staff should be fully aware and trained in GDPR by now so know what information they can hold and you can easily check what is being saved and where.
The alternative - well many HR departments are still creating manual forms (word forms) or PDF. This information is completely insecure, has no oversight, not ability to audit and can be done by anyone in your organisation today.