GDPR in QA: influence on test data management
by Emma Dallas | November 26, 2018 12:36 pm
In the world of total computerization and digital techniques we all concern about the access to our personal information and its possible use. General Data Protection Regulation (GDPR) came into effect on May, 25 2018 and is meant to protect confidentiality and privacy. It contains data privacy laws, protects personal information, and controls the way organizations stick to this regulation. IT sphere and particularly test data management[1] are covered by this regulation and should correspond to its restrictions.
According to the TrustArc survey[2], 20% of IT companies are compliant with GDPR, 53% are on the stage of its implementation, and 27% have not yet started to apply it.
Types of data you can use in test data management
Test data security is an essential requirement a testing provider should guarantee. Production data cannot be just copied to the testing environment and further displayed. There is specific information that should be transformed or masked. Still, some data can be used as it is with few remarks only. We consulted QATestLab specialists and defined possible ways of content management during the testing process:
- create test accounts on free services (note: real names should not be used)
- use test data generators, e.g., generatedata(dot)com
- when testing the upload form, you can use pictures and video files that do not violate the copyright
- use online resources for downloading large files to share a link (in online messengers/bug trackers, etc., when describing bugs or resolving disputed issues with customers).
Note: data that are stored on the online resources should be regularly refined.
Main restrictions for content while testing a product
To ensure business information security, companies sign NDA (Non-disclosure Agreement) with employees and with clients they work with. Therefore, there exists definite information that should not be revealed to the public. Basing on the issues, specified by the QATestLab experts, we present information you CANNOT use while testing a software:
- corporate emails with your first and last name when registering test accounts
- personal photos and photos of other company employees
- photos of the company’s office, logo, and screenshots of a corporate site
- any client documents or files, unless they are provided for testing purposes
- screenshots of correspondence with a customer
- offensive content
- political content: photos, videos of hostilities, politicians, slogans, as well as content calling for incitement of ethnic hatred
- video clips, films reviews and other publicly accessible content (due to possible copyright issues)
- links to online resources where it is possible to view other project files (screenshots, videos, etc.) or company internal documents
Conclusion
A lot of information is used during the software testing process. Most of it is provided by clients and should be used according to data protection policy. ‘Copy-paste’ principle does not work here. All information should be filtered according to the position of a definite company and its customers. Employees have to follow these rules to show competence and earn the trust from clients.
Learn more from QATestLab
Related Posts:
- test data management: https://qatestlab.com/services/test-management/
- TrustArc survey: https://www.trustarc.com/blog/2018/07/13/trustarc-research-74-of-companies-expect-to-be-gdpr-compliant-by-the-end-of-2018/
- Why CMS-based Websites Require Testing: https://blog.qatestlab.com/2019/10/15/cms-websites-testing/
- Mind Maps in Software Testing: https://blog.qatestlab.com/2019/06/06/mind-maps-testing/
- 5 Tips to Build Effective Test Data Strategy: https://blog.qatestlab.com/2016/04/12/test-data-strategy/
Source URL: https://blog.qatestlab.com/2018/11/26/gdpr-software-testing/