Skip to the main content.

Curiosity Modeller

Design Complex Systems, Create Visual Models, Collaborate on Requirements, Eradicate Bugs and Deliver Quality! 

Product Overview Solutions
Success Stories Integrations
Book a Demo Release Notes
Free Trial Brochure

Enterprise Test Data

Stream Complete and Compliant Test Data On-Demand, Removing Bottlenecks and Boosting Coverage!

Explore Curiosity's Solutions

Our innovative solutions help you deliver quality software earlier, and at less cost!

robot-excited copy-1              AI Accelerated Quality              Scalable AI accelerated test creation for improved quality and faster software delivery.

palette copy-1                      Test Case Design                Generate the smallest set of test cases needed to test complex systems.

database-arrow-right copy-3          Data Subsetting & Cloning      Extract the smallest data sets needed for referential integrity and coverage.

cloud-cog copy                  API Test Automation              Make complex API testing simple, using a visual approach to generate rigorous API tests.

plus-box-multiple copy-1         Synthetic Data Generation             Generate complete and compliant synthetic data on-demand for every scenario.

file-find copy-1                                     Data Allocation                  Automatically find and make data for every possible test, testing continuously and in parallel.

sitemap copy-1                Requirements Modelling          Model complex systems and requirements as complete flowcharts in-sprint.

lock copy-1                                 Data Masking                            Identify and mask sensitive information across databases and files.

database-sync copy-2                   Legacy TDM Replacement        Move to a modern test data solution with cutting-edge capabilities.

Explore Curiosity's Resources

See how we empower customer success, watch our latest webinars, read our newest eBooks and more.

video-vintage copy                                      Webinars                                Register for upcoming events, and watch our latest on-demand webinars.

radio copy                                   Podcasts                                  Listen to the latest episode of the Why Didn't You Test That? Podcast and more.

notebook copy                                           eBooks                                Download our latest research papers and solutions briefs.

calendar copy                                       Events                                          Join the Curiosity team in person or virtually at our upcoming events and conferences.

book-open-page-variant copy                                          Blog                                        Discover software quality trends and thought leadership brought to you by the Curiosity team.

face-agent copy                               Help & Support                            Find a solution, request expert support and contact Curiosity. 

bookmark-check copy                            Success Stories                            Learn how our customers found success with Curiosity's Modeller and Enterprise Test Data.

file-document-multiple (1) copy                                 Documentation                            Get started with the Curiosity Platform, discover our learning portal and find solutions. 

connection copy                                  Integrations                              Explore Modeller's wide range of connections and integrations.

Better Software, Faster Delivery!

Curiosity are your partners for designing and building complex systems in short sprints!

account-supervisor copy                            Meet Our Team                          Meet our team of world leading experts in software quality and test data.

calendar-month copy                                         Our History                                Explore Curiosity's long history of creating market-defining solutions and success.

check-decagram copy                                       Our Mission                                Discover how we aim to revolutionize the quality and speed of software delivery.

handshake copy                            Our Partners                            Learn about our partners and how we can help you solve your software delivery challenges.

account-tie-woman copy                                        Careers                                    Join our growing team of industry veterans, experts, innovators and specialists. 

typewriter copy                             Press Releases                          Read the latest Curiosity news and company updates.

bookmark-check copy                            Success Stories                          Learn how our customers found success with Curiosity's Modeller and Enterprise Test Data.

book-open-page-variant copy                                                  Blog                                                Discover software quality trends and thought leadership brought to you by the Curiosity team.

phone-classic copy                                      Contact Us                                           Get in touch with a Curiosity expert or leave us a message.

4 min read

GDPR and testing: A few questions to ask yourself

GDPR and testing: A few questions to ask yourself

I’ve been harping on about GDPR and other recent developments in compliance for years now, and it’s good to see QA organisations are now seriously grappling with compliance as a pressing issue. With each new data breach, and each new study on consumer concern for data privacy, the need to consider data privacy is only re-affirmed. Yet, what I consider to be higher risk practices still remain common in testing, and the latest World Quality Report finds that 60% of organisations still use raw production data in test environments for example.

Below, I’ve gathered together some research and news articles that have come out within the last year or so, each related to GDPR and compliance in some way. The intention is to use fresh data to re-iterates a point already well made by others: the practice of using raw production data in less secure test environments should be examined seriously. It should be scrutinised in terms of security, data breach prevention, and compliance, and only then should it be judged to be “okay”.

I’m no legal expert, and the below represents only my personal interpretation on the importance of recent legislation for testing best practices. However, I hope some of these questions provide some pause for thought. Please feel free to leave your comments on the impact of legislation for QA below, or drop me a direct message.

Questions to ask yourself:

  1. Do you have informed and actively given consent, or another legitimate ground for using that data? Can you show that you have permission from the EU ‘data subject’ to use their information in the way it’s being applied in test environments? You might have a lot of test cases, and a lot of data; what measures are in place to ensure consent, or another legitimate grounds for data processing, are being satisfied in testing?
  2. Are you abiding by the rules around Purpose Limitation and Data Minimisation? Do you know that the data is being used by only enough people, and kept for only long enough, to fulfil the service for which that person consented to the use of their data? Can you prove it if audited, or do you have another legitimate purpose for processing the data? Can you be sure that your test teams are not holding on to data indefinitely, perhaps unaware they still have it, even after consent has expired or been withdrawn?
  3. What about Purpose Limitation and the Right to Erasure? How reliably can you remove every instance of that person’s data in test environments if they request its deletion, or if you no longer need it to fulfil the service for which they provided it? Finding every instance of data quickly and reliably can be difficult with large IT estates, especially with a mixed back of new and legacy components. Storing sensitive data in test environments can make this worse, and tools and techniques will be needed for performing rapid and reliable data profiling and lookups. What if testers and automation engineers are keeping handy data in a handy spreadsheet on their local machine?
  4. What about citizen’s Right to Data Portability and Right to Erasure? Again, can you find every instance of data if someone asks for it to be deleted, or if they ask for a copy of it in a format readable by them? This must occur “without delay” – how good is your current infrastructure for finding every instance of data, copying it, and provisioning it in a readable format like an Excel spreadsheet?

The stakes are high:

You might answer ‘yes’ to some or all of the above questions, and some of the most advanced tech organisations can evidently rapidly find and provision user data upon request for example. However, in my view, these questions deserve careful, honest, and ongoing consideration. The stakes are high:

  1. Since the implementation of GDPR in 2018, there have been a whopping 278 data breach notifications per day.In time, we will also learn of the impact of the California Consumer Privacy Act, introduced this past New Year’s Day.
  2. The UK’s ICO and other national agencies are showing their willingness to serve unprecedented fines for data breaches. In July the ICO announced planned fines of £183 million and £99.2 million for instance.
  3. Consumers and the general public today care about data privacy, and are prepared to act on it. 97% US adults are “somewhat or very concerned about protecting their personal data.” 32% globally are “privacy actives”, who have already acted by switching companies or providers over data or data-sharing policies.

In my experience, several organisations lack the infrastructure or understanding of their complex data to be able to guarantee that they have located every instance of sensitive information in test environments. Extracting and provisioning that data rapidly can likewise be tricky, especially when working with a mixed bag of homegrown techniques. If that sounds familiar, the above questions around Erasure, Portability and Data Minimisation might be particularly pertinent.

If I decide that I cannot use production data, should I mask or generate? Or both?

The latest World Quality Report also finds that 65% of organisations anonymize at least some of the production data they use in testing, and over half generate synthetic test data. Masking can offer a way to mitigate against many compliance requirements when testing, as well as against the risk of a data breach. However, a few things should be considered when deciding how to create data to provision to test environments:

  1. Test data environments are necessarily less secure and would ideally therefore contain no personally identifiable information (PII) from a security standpoint. Ask yourself: How sure are you that no sensitive information can be garnered from masked data? What about when the information left visible in masked data sets is combined with other sources, for instance readily available information online or in other data sources available at your organisation?
  2. Masking is complex and can damage the integrity of data. This is particularly true when reckoning with complex data trends, for example temporal patterns in historical data. If you can mask and retain all the data relationships, you can most likely synthetically generate data from scratch using the same data model. While some great technologies exist for masking, you might consider generation in some as a way to create wholly fictitious data. This will furthermore also unlock the benefits of synthetic data generation.
  3. Masking existing data does nothing to improve the quality of the test data, or the speed with which it is allocated to tests. Why not turn compliance into an opportunity for faster, higher coverage, and potentially more accurate testing? Generating missing data needed to test applications rigorously offers a method for doing just this, especially when the data “Find and Makes” are performed automatically as a standard step within test execution.

In other words, synthetic test data generation is a technology that can enable greater security, while also facilitating more rigorous, faster testing. The reality is that few organisations will be able to wholly replace their data with comprehensive synthetic data over night. However, a hybrid approach is possible, gradually replacing production data sources with synthetic or virtualized data streams. This in turn feeds accurate and rigorous testing, often with less likelihood of sensitive data making it to test environments.

What do you think – do these align with your interpretation of current legislation and its relation to testing, and what are the main challenges we’re facing as a community to meet consumer concern for how we use their data or not? Please feel free to drop me an email with your thoughts.

Book a Demo

Key risk factors to mitigate during a data migration

Key risk factors to mitigate during a data migration

Part one in this article series summarized the shockingly high failure rates for migration projects, identifying data migration as a key area of...

Read More
We Need to Talk About Test Data “Strategy”

We Need to Talk About Test Data “Strategy”

For many organisations, test data “best practices” start and end with compliance. This reflects a tendency to focus on the problem immediately in...

Read More
5 Ways to Keep Your Test Data Compliant

5 Ways to Keep Your Test Data Compliant

As a result of the constantly evolving environment of global data protection legislation, test data management has become increasingly complex....

Read More
28 questions to ask yourself when picking a data generation tool

28 questions to ask yourself when picking a data generation tool

Data generation enables organisations to create data of the right variety, density, and volume for different testing and development scenarios, all...

Read More
Is test data the engineering problem to solve in 2024?

Is test data the engineering problem to solve in 2024?

It’s 2024 and the risks associated with poor test data practices show no signs of abating.

Read More
Time to migrate from your legacy test data (TDM) tools? Here’s how.

Time to migrate from your legacy test data (TDM) tools? Here’s how.

If you’re reading this, you’re probably already painfully familiar with the complaints that Curiosity hear from organisations seeking alternatives to...

Read More
The Democratisation of (Test) Data

The Democratisation of (Test) Data

A glance at industry research from recent years shows that test data remains one of the major bottlenecks to fix in DevOps and CI/CD:

Read More
Test data compliance: How to rewrite your organization’s DNA

Test data compliance: How to rewrite your organization’s DNA

“We mustn’t use live data for testing”. This is the reason why most organizations start to look at superficial solutions to certain challenges that...

Read More
Test Data Strategy Success: Tooling to Meet The Strategy

Test Data Strategy Success: Tooling to Meet The Strategy

Today, many organisations rely on rudimental tools and techniques for creating and managing their test data. These outdated techniques not only...

Read More