November 10 – 12, 2020

Online Edition!

Derive test data from production data while respecting GDPR

Martin Boesgaard

Inspiration on how to improve test data quality.

You existing solutions for generating test data from production data is most likely not GDPR compliant.

What it takes to generated high-quality test data from production data in a compliant way.

Become prepared for discussing with IT Security Department & GDPR Data Protection Officer


Derive test data from production data while respecting GDPR

Good test data is the very foundation of good testing. The best test data is production data, which is typically not legal. How to derive test data from production data in a legal and secure way?

Good test data is the very foundation of good testing. But good test data is hard to get. If you create it manually or build a script or program to generate test data, the test data will probably reflect your understanding of- and expectations to production data rather than the actual properties of the production data. For that reason, it is unfortunately not uncommon to use production data or data trivially derived from production data for testing.

Using production data for testing has problems of its own. GDPR (the new EU privacy lay) applies to such data. It obviously applies when using production data directly. But surprising to many, GDPR also applies in almost all situations when test data is based on scrambled or anonymized production data.

Overall content of the talk:

- The importance of good, representative and “fresh” test data and the importance of fast, cheap and low-friction access to the test data.

- Metrics for test data (how to measure test data quality).

- Which are the compliance and security challenges (GDPR, Segregation of Duties, data loss prevention, corporate policies, etc.).

- A helicopter view of the most relevant articles of GDPR.

- A helicopter view of the techniques that can be used to protect data, such as anonymization, pseudonymization, synthetic data, tokenization, and format-preserving encryption.

- Strategies for generating test data while respecting privacy and security.

- How to ensure GDPR compliance.

- What to do and where to start.

Martin will also make sure to address some of the most prominent and serious misconceptions, such as that many believe that data can easily be anonymized (and thus get out of GDPR scope) and that hash function can ensure privacy.

Without good test data, your test is not representative to the real-life production situation.

More Related Sessions

Two-Day Tutorial (12-hour Workshop)


Exploring systems quality in a distributed world

Equipment required

45-minute Keynote

17:45-18:30 Room F2 - Track 2: Talks

Being Lucky

30-min New Voice Talk

11:55-12:25 Room F1 - Track 1: Talks

The Synthetic Monitoring Maturity Model

Full-Day Tutorial (6-hour Workshop)


Practical Ethics for Tech Teams

If you like AgileTD you might also be interested in :

Your privacy matters

We use cookies to understand how you use our site and to give you the best experience on our website. If you continue to use this site we will assume that you are happy with it and accept our use of cookies, Privacy Policy and Terms of Use.