TestDel

The GDPR has a major effect on test data management in QA

GDPR

In this age of total computerization and digital technologies, we are all concerned about who has access to our personal data and how it could be used. General Data Protection Regulation (GDPR), which protects confidentiality and privacy, went into effect on May 25, 2018. It includes data protection rules, protects confidential info, and regulates how businesses adhere to the rules. This regulation applies to the IT sector, specifically test data management and it must adhere to its prohibitions.

According to the TrustArc poll, 20% of IT firms are GDPR compliant, 53% are in the process of implementing it, and 27% have not yet begun to implement it.

To test business applications, many businesses use a different test environment. Copying output data to test is a popular approach. This allows the tester to identify the same issues as a live production server while avoiding data corruption.

The procedure for copying output data to test data involves the following steps:

  • Configure development workers to copy data to a shared test environment.
  • All PII (Personally Identifiable Information) and other confidential data is changed. The PII is replaced with non-personal data that is logically right.
  • Remove any information that isn’t important to your exam.
  • This can be copied and pasted into each tester’s or developer’s test environment. They can change it to suit their needs.

In copy production data, privacy is the most pressing concern. You should look at obfuscated and anonymized test data to avoid privacy concerns.

There are two methods that can be used to anonymize data:

  • All data fields are left unchanged in the BlackList method. Except for the fields that the users have defined.
  • WhiteList: This method anonymizes all data fields by default. With the exception of a set of fields that can be copied. A whitelisted field indicates that it is appropriate to copy the data as is, with no need for anonymization.

Also, if you’re using production info, you’ll need to think about how you’re going to get it. Using SQL script to query the database is a good way to go.

The various types of data that can be used in test data management

A testing provider must ensure the security of test data as a minimum requirement. Production data cannot be just copied to the testing environment and further displayed. There is unique data that needs to be converted or disguised. Even so, some data can be used as-is with just a few comments. We contacted TestDel experts and came up with the following options for content management during the testing process:

  • Create a test account on free services. (note: real names should not be used)
  • Use test data generators, such as generate data(dot)com
  • You can use images and video files that do not violate the copyright while testing the upload form.
  • When explaining bugs or settling contested issues with customers, use online resources to download large files and share a link (in online messengers/bug trackers, etc.).

Note: Data stored on online resources should be updated on a regular basis.

Following are the major output constraints while testing a product

Companies sign NDAs (Non-disclosure Agreements) with their employees and customers to ensure the security of their company information. As a result, there is specific information that should not be made public. Based on the problems defined by the TestDel experts, we present the information you CANNOT use when testing a software:

  • When creating test accounts, use your company email address, your first and last name.
  • Personal photographs as well as photographs of other employees of the company.
  • Photos of the company’s office, logo, and screenshots of a corporate website
  • Any client documents or files unless they are supplied for testing purposes.
  • Screenshots of correspondence with a customer
  • Offensive or forbidden content
  • Political content includes photographs, videos of hostilities, politicians, slogans, and content that promotes ethnic hatred.
  • Video clips, films reviews, and other publicly accessible content (due to possible copyright issues)
  • Links to online resources where other project files (screenshots, videos, etc.) or business internal documents can be viewed.

Conclusion

During the software testing process, a lot of data is collected. Clients provide the majority of it, which should be used in accordance with the data protection policy. The copy-paste method does not work in this case. All data should be filtered according to a specific company’s and its customers’ position. Testdel employees strictly adhere to these guidelines in order to demonstrate competence and gain clients’ trust.

Sanjeev Joshi