Data is a central corporate asset and deserves a high level of protection not only ever since the introduction of the GDPR. Test data should also be protected accordingly, because external person often have access, especially in non-production systems. Companies face the challenge here of preventing data misuse. (Source) Another dilemma: How can realistic and GDPR-conform testing be carried out without real data within the test environments?
Due to these issues being raised , many companies use various encryption methods in the area of test data management in order to ensure the protection of their data. These include anonymization and pseudonymization. But what exactly do these terms mean, and how do these encryption methods vary? Our Libelle IT Glossary Part 1 takes a closer look at these terms.
Regardless of whether your company uses encrypted real data or not, you should always maintain an overview of data protection. For this purpose, we have created the following checklist for you.
Take the data protection quick check now in order to find out whether your test data management meets the requirements of a data protection audit. Your guide to testing with real data. (Source)
✅ Have you executed tests without real data beforehand?
✅ Tests with real data are conducted exclusively in a defined and controlled environment? The data is only used for additional or minimized tests?
✅ No area-specific legal regulation explicitly prohibits testing with real data?
✅ Can a specific defect from production operations not be resolved without real data?
✅ Anonymization ort h real data would require a great deal of effort?
✅ Is there a written consent from the responsible body ort he test with real data (management)?
✅ Have you informed the company or regulatory data protection officer about the testing in advance?
✅ Are the interests of the data subjects worthy of protection and data security taken into account when conducting and evaluating corresponding tests?
✅ Only people who are needed for troubleshooting and conducting tests have access to real data?
✅ Responsible people who perform the test take responsibility to the confidentiality principle, especially regards to data protection?
✅ Is there a legitimate reason and was the access logged and even justified? And are the security measures, process, duration, and scope of the test documented within the log?
✅ Have you prepared an abridged version of the IT concept as well as a security concept for the test data management process? (Source)
Our Data Privacy Quick-Check is your orientation guide for testing with real data. Use the Data Protection Quick-Check for a quick inventory with which you can check the GDPR requirements for your test data management.
By answering the above questions, you could quickly get an insight into how data protection stands in relation to your test data management. If one or two questions could not be answered with a clear "YES", you should talk to your data protection officers within the company. (Source)
If several requirements are not met in your company, you should obtain more detailed information and take action within these areas.
Test data management is not only about data protection, but also about the automated provision of test data, as offered by our dream team Libelle SystemCopy and Libelle DataMasking. Resetting data after it has been used, logging the validity, age and consumption status of test data are also important parts of test data management.
Read more about this in our blog post on "What is test data management (TDM) actually?".