GDPR in QA: influence on test data management

November 26 12:36 2018

In a world of total computerization and digital technology, we are all concerned about access to our personal information and how it may be used. The General Data Protection Regulation (GDPR) came into effect on May 25, 2018 and is meant to protect confidentiality and privacy. It contains data privacy laws, protects personal information, and governs how organizations comply with it. The IT sphere, and test data management in particular, is covered by this regulation and must comply with its restrictions.

According to the TrustArc survey, 20% of IT companies are compliant with GDPR, 53% are at the stage of implementing it, and 27% have not yet started to apply it.

GDPR Compliance in IT companies

Types of data you can use in test data management

Test data security is an essential requirement that a testing provider should guarantee. Production data cannot simply be copied into the testing environment and displayed there. Some information must be transformed or masked. Still, some data can be used as is, with only a few caveats. We consulted QATestLab specialists and defined possible ways of managing content during the testing process:

  • create test accounts on free services (note: real names should not be used)
  • use test data generators, e.g., generatedata(dot)com
  • when testing the upload form, you can use pictures and video files that do not violate copyright
  • use online resources for downloading large files to share a link (in online messengers/bug trackers, etc., when describing bugs or resolving disputed issues with customers).

Note: data stored on online resources should be regularly refined.

Main restrictions for content while testing a product

To ensure business information security, companies sign NDAs (non-disclosure agreements) with their employees and with the clients they work with. As a result, certain information must not be revealed to the public. Based on the issues specified by the QATestLab experts, here is the information you CANNOT use while testing software:

  • corporate emails with your first and last name when registering test accounts
  • personal photos and photos of other company employees
  • photos of the company’s office, logo, and screenshots of a corporate site
  • any client documents or files, unless they are provided for testing purposes
  • screenshots of correspondence with a customer
  • offensive content
  • political content: photos, videos of hostilities, politicians, slogans, as well as content calling for incitement of ethnic hatred
  • video clips, film reviews and other publicly accessible content (due to possible copyright issues)
  • links to online resources where it is possible to view other project files (screenshots, videos, etc.) or company internal documents

Conclusion

A lot of information is used during the software testing process. Most of it is provided by clients and should be used according to the data protection policy. The ‘copy-paste’ principle does not work here. All information should be filtered according to the position of the particular company and its customers. Employees have to follow these rules to show competence and earn clients’ trust.

About Article Author

Emma Dallas has one year of experience in blogging, technical writing, and copywriting.