Protection of personal data and TDM

Protection of personal data and TDM, how to make a viable fit

In this article you will discover how to comply with the protection of personal data in software tests with TDM.

Nowadays there are companies or companies that invest a lot of money in protecting the data in the production environment, that means the real ones, coming from customers. And much of this data is sensitive data. But that payment for a security service does not offer what is looked for nor in the way that it should. Why? The main reason is that this data is copied to software development or testing environments (harming the company's risk management).

The GPDR or General Data Protection Regulation has changed the rules of the game and companies are using more and more resources to manage the risks arising from data processing (all of which it also involves large fines). Therefore, delving into a good data processing practice is the way to avoid problems and comply with the legislation on personal and sensitive information.

And the cited data, and especially the sensitive ones, is not necessary neither for the testing processes nor for a delivery on statistical studies. It is not necessary as well to analyze them from the operational point of view. Despite all this, this continues to be done, although it seems evident that, in order to access protected personal information, there must be specific and authorized personnel (both internal and external). For this reason, the GDPR recommends making use of an anonymization or pseudonymization process.

Protection of personal data

The challenge is to ensure that this data, apart from being reliable (to respect the security policies), should also be:

  1.       Complete: The test data needs to represent all the information needed by the test.
  2.       Coherent: each element or component of the data needs to respect integrity at the referential level.
  3.       Correct: it is essential that the data is adequate and useful for the type of test that it will be used for.

the objectives of the TDM

Data dissociation process and personal data protection

When there is effective management of test data, testing is not only cheaper and faster, but also more efficient. For this reason, TDM pursues these objectives:

  • That there is compliance with the regulations. It is crucial to dissociate sensitive data.
  • Cost reduction, both in terms of process times and storage costs.
  • Get valid data that is not altered during testing.
  • Ability to be reused (if the need to use it again arises, that it is available).
  • Traceability. That the data can be associated with the test case.
  • Reliability. The consequence of everything is that, in the end, the result of the test can be verified completely and in the depth that is necessary.

There is technology and there are also tools to configure a platform that anonymizes the data based on the data model provided by the client (where the necessary tables are set). After that, a data search is made according to certain general criteria. With the result of this search, a sensitive data map is created and it reflects which fields of the tables contain sensitive data and how this information can be dissociated to make it invisible to third parties.

After that, the field detection model with sensitive data is refined, until the correct (and necessary) one is created. In this phase, the involvement of the team is crucial to make sure that, in fact, all the information that needs to be dissociated it is, and to give the approval for the next phase.

It is common that, during data search and analysis procedure, some nuance that the client provides appears and that the software itself does not detect. For this, the dissociation system must be customized during the process, as well as for the periodic maintenance of the data that is recorded in the production environment. The software conjunction added to the affinity of the client makes the process generate positive results and, thus, the data is optimally dissociated for the company and according to the General Data Protection Regulation.


Icaria TDM and data dissociation

Icaria TDM is the platform that facilitates the safe use of dissociated data in software testing and information analysis processes. It is responsible for identifying the sensitive data of the applications and dissociating them automatically to facilitate the protection of personal data.

Icaria TDM provides two great advantages: the first one is the time saving for the testers, which is reduced up to 5 times, and the second, the increase in the quality of the tests. Therefore, better results are achieved while costs are reduced.

If you want to get these benefits for your software tests, request a demo now at this link.