Turn GDPR Compliance into an Opportunity for Better, Faster Testing

Ever-tighter data privacy legislation like the EU General Data Protection Regulation and the California Consumer Privacy Act has made test data a pressing problem for organisations worldwide. It has put testing firmly on the radar of ‘the business’, who are now actively concerned with how data is being used in both testing and development.

This presents an opportunity for QA. The current business concern – and its associated budget – offers a chance to transform one of the most cumbersome and time-consuming testing processes: test data provisioning. However, this transformation requires a complete solution to the time and quality issues associated with current test data management.

Such a solution will be set out in Curiosity’s next webinar: Test Data Automation: Delivering Quality Data at Speed. You can sign up for that today. This blog provides a flavour of the challenges and solutions that will be discussed live on June 23rd.

Test data and GDPR compliance: understanding the risk

Using raw production data in less secure test environments is today riskier than ever.

Firstly, it raises questions around consent and the legitimate grounds for processing data in QA. Meanwhile, internal human error remains the number one cause of costly data breaches. Sharing sensitive information across test environments therefore increases the risk of damaging data breaches, for which the fines today can be in the hundreds of millions.

Organisations today furthermore often lack the infrastructure to locate one person’s data reliably across sprawling test environments. This makes it near-impossible to delete or share a copy of that person’s information on demand, potentially breaching both an EU Citizen’s Right to Erasure and to Data Portability.

Masking production: Not a complete solution

The simplest way to avoid massive fines and brand damage is to limit access to sensitive information across the organisation, and masking production data before it moves to test environments is therefore a minimum for most organisations.

The challenge is that anonymising production data can be slow and complex. This in turn replaces compliance concerns with QA bottlenecks, swapping one set of testing challenges for another.

These bottlenecks in data provisioning arise because masking complex data from numerous sources is inherently complex. The relationships and complex trends that exist within and across data sources must be retained, even as sensitive information is removed.
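The requirement above, that relationships across sources survive masking, is shown here as an added example (not code from this post or from any Curiosity product). It uses deterministic keyed pseudonymisation (HMAC-SHA256), which is one common way to meet it; the key, table names and records are constructed for illustration.

```python
import hashlib
import hmac

# Assumption: a per-environment secret held outside the test environment.
MASKING_KEY = b"constructed-demo-key-not-for-real-use"

def pseudonym(value: str, field: str, length: int = 12) -> str:
    """Deterministic keyed token: the same value and field always map to the same output."""
    msg = f"{field}:{value.strip().lower()}".encode()
    return hmac.new(MASKING_KEY, msg, hashlib.sha256).hexdigest()[:length]

def mask_rows(rows, rules):
    """Apply per-column masking rules; unlisted columns pass through unchanged."""
    masked = []
    for row in rows:
        out = dict(row)
        for column, field in rules.items():
            if out.get(column) is not None:
                out[column] = pseudonym(str(out[column]), field)
        masked.append(out)
    return masked

# Constructed sample data standing in for two separate production sources.
CRM_CUSTOMERS = [
    {"customer_id": "C-1001", "email": "Ana.Ruiz@example.com", "country": "ES"},
    {"customer_id": "C-1002", "email": "li.wei@example.com", "country": "DE"},
]
BILLING_INVOICES = [
    {"invoice": 1, "customer_id": "C-1001", "contact": "ana.ruiz@example.com", "total": 120.0},
    {"invoice": 2, "customer_id": "C-1001", "contact": "ana.ruiz@example.com", "total": 35.5},
    {"invoice": 3, "customer_id": "C-1002", "contact": "li.wei@example.com", "total": 80.0},
]

def masked_join():
    """Mask each source independently, then join them on the masked key."""
    customers = mask_rows(CRM_CUSTOMERS, {"customer_id": "cust", "email": "email"})
    invoices = mask_rows(BILLING_INVOICES, {"customer_id": "cust", "contact": "email"})
    by_id = {c["customer_id"]: c for c in customers}
    totals = {}
    for inv in invoices:
        cust = by_id[inv["customer_id"]]        # join still resolves after masking
        assert inv["contact"] == cust["email"]  # cross-source email link preserved
        totals[cust["customer_id"]] = totals.get(cust["customer_id"], 0) + inv["total"]
    return customers, invoices, totals

if __name__ == "__main__":
    customers, invoices, totals = masked_join()
    print(customers, totals, sep="\n")
```

Because anyone holding the key can reproduce the mapping, the key has to stay out of the test environments that receive the masked data.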

Manually masking data therefore creates a bottleneck in test data provisioning. It leaves ‘parallel’ test teams and data-hungry automation frameworks waiting idly for a limited number of out-of-date copies of data, making it impossible to test the latest system within an iteration.

Masking furthermore does nothing to improve the variety of production data, which lacks the outliers and unexpected results needed for rigorous testing. QA can in turn only execute a fraction of the tests needed for sufficient test coverage, exposing systems to costly and damaging bugs in production.

Figure 1 – Production Data can only execute a fraction of the tests needed for sufficient coverage.

Manually masking and moving production data to test environments accordingly creates a dependency and bottleneck. This undermines testing speed and quality, and conflicts with the principles of continuous testing, DevOps, and “Agile”. Testing at the speed of iterative delivery and automated test execution demands a new approach.

Turn GDPR Compliance into an Opportunity for Better, Faster Testing

Rigorous testing at the speed of iterative delivery and automated testing requires constant access to comprehensive test data. That means data with which to execute every positive and negative test, available exactly when and where testers and automation frameworks need it.

A test data strategy today must therefore move beyond the logistics of a central team copying data slowly to test environments. Test data should no longer simply be “managed” in this way, but must instead be made available in a way that improves testing speed and quality.

Providing this “agile test data” is possible with the new paradigm in test data technology: “Test Data Automation”. TDA standardizes test data management processes and makes them re-usable on demand within automated testing and CI/CD pipelines. Testers can embed the re-usable processes in both automation and manual testing, finding and making complete test data as tests are generated or executed:

Automated Test Data Allocation
Figure 2 – Automated “Find and Makes” allocate all the data needed to execute a test suite, prepared on-the-fly.

This approach to test data moves beyond the logistics of GDPR compliance. It enables a modern approach to test data that is:

  1. Compliant, masking data as it is found and allocated to exact test cases.
  2. Built for quality, generating missing data combinations as unique data sets are found and made for a particular test suite.
  3. Self-service and on demand, triggering re-usable data jobs from a self-service portal or embedding them within automated testing and CI/CD processes.
  4. Parallelized, producing unique data combinations for each test to avoid clashes during execution and cross-team constraints.

Sound interesting? Come and see for yourself! Sign up for our next webinar on May 12th: Test Data Automation: Delivering Quality Data at Speed