Track Talk W8

Get Sensitive Data OUT of Testing

Huw Price

12:00-12:45 CEST Wednesday 8th June

It’s been several years now since the 2018 implementation of the EU General Data Protection Regulation (GDPR), yet many organisations still commonly face the challenge of using sensitive data in testing. The stakes are high for organisations, with risks including massive fines, reputational damage, and customer churn. Many organisations are in turn forbidding the use of raw production data in less-secure test environments. Testing then often finds itself stuck between a rock and a hard place: It can no longer rely on unedited production copies for testing, but the sheer complexity of historical production data makes it seem like there is no alternative to copying data in its raw form.

This talk will explore the challenges posed by changing data privacy legislation for test data “best practices” today. It will consider the challenges of using raw production data in test environments, drawing on regulations like the EU and UK GDPR. The hard reality of the compliance risks for testing will be illustrated by examples of fines levied by Data Protection Authorities for the improper use of data, discussing the challenges posed to testing by requirements like Data Minimisation, Purpose Limitation, and the Right to Erasure.

I will then discuss how you can craft a test data strategy that not only mitigates compliance risks, but also boosts overall testing speed and coverage. I will set out considerations for balancing the complexity of historical data with the pressing need to make complete and compliant data available on demand to parallel testers, developers, and automation frameworks. This will survey the strengths and potential drawbacks of techniques like data masking, synthetic test data generation, and automated test data allocation.

Overall, this talk aims to equip you with an understanding of the sizeable challenges posed by test data today, and a sense of the different paths that you can take towards the best solution for you. Come join me to fix compliance issues, remove the time lost to testing bottlenecks, and boost testing rigour with richer test data.