The advent of the General Data Protection Regulation (GDPR) has presented companies with several challenges. One key concern involves how test data is collated, interpreted and stored. What factors should be taken into account and what impacts will they have upon ongoing operations? Let us examine four crucial takeaway points.
1. Company-Wide Awareness
The concept of Test Data Management (TDM) should not be appreciated only by management and supervisory personnel. It needs to be thoroughly understood by every employee to ensure superior levels of compliance. Core variables include the anonymization of data, how sensitive information is stored and what types of end-user materials can be collected. This awareness helps to prevent costly mistakes that were entirely avoidable.
To be clear, some businesses will have to take more drastic steps than others. This primarily depends upon their size, how testing data was collected in the past and whether there were any prior compliance issues. GDPR guidelines are extremely clear and even seemingly minor breaches can have a decidedly negative impact.
2. Formulate a Clear and Concise GDPR Strategy
Let us now assume for a moment that employees are made aware of their responsibilities. Accountability alone is hardly enough if a real-time GDPR event happens to occur. What type of plan will be put in place? Who will be notified? Will a specific individual or team be responsible for ensuring that the problem is rectified?
One excellent way to address these and similar questions is to develop a comprehensive set of rules which can be used on the fly. Furthermore, it is prudent to clarify how certain types of data (such as masked data and synthetic data) are used when addressing specific testing scenarios. The main purpose here is to (slowly) cut back upon the dependence on masked data in favor of synthetic information.
On a final note, let us remember that having a clear plan of action in place will obviously minimise the chances that a compliance issue will occur.
3. Creating a Dedicated In-House GDPR Team
The GDPR framework can be somewhat complicated for those who are not familiar with its intentions. Although it is indeed wise to increase company-wide awareness, this might not be entirely sufficient. Larger firms may be wiser to create a team dedicated to real-time compliance issues.
For example, it makes little operational sense for a sales team or a marketing analyst to spend an inordinate amount of time determining whether or not they have violated any GDPR guidelines. This will inevitably hamper ongoing relations. Core competencies such as product development and client relations could also suffer as a result.
Formulating a team of experts is the best way to ensure that the company in question remains well ahead of the GDPR “curve”. It may also be prudent to outsource these solutions to professional third-party GDPR firms.
4. The Timely Destruction of Data
One of the provisions associated with the GDPR framework involves how long data can be retained before it must be permanently erased. Although this may not present an issue to smaller firms that deal with a limited amount of information, what about larger organizations? We then need to take into account recent industry trends such as the Internet of Things (IoT) and remote workplaces.
A growing amount of customer data is now being stored on personal devices such as mobile phones and laptop computers. This presents an obvious risk in terms of security. Should this information unintentionally fall into the wrong hands (such as if a smartphone is lost), grave consequences may ensue.
Therefore, many businesses are now choosing to leverage well-known IT asset disposition services such as those being offered by Wisetek. Some options which can be chosen include:
- The physical destruction of hard drives.
- The removal of specific data.
- Remote IT support.
- In-house software and hardware audits.
- Checking to ensure that all license agreements are being fulfilled.
It often makes more sense to work in synergy with trained experts as opposed to managing such concerns via an on-site team alone.
GDPR: Little Room for Error
GDPR guidelines are intended to protect consumers as well as businesses. This is why appreciating how to effectively handle test data is a crucial part of the overall equation. As transparency takes centre stage throughout the digital community, remaining well aware of one’s professional responsibilities will help to ensure success and to carefully manage test data under GDPR.
About the Author
This article was written by Milica Vojnic of Wisetek. Wisetek are global leaders in IT Asset Disposition, Data Destruction, & IT Reuse.