5 min read

Test Data Strategy Success: Data Regulation

Featured Image

In 2023, test data remains one of the biggest blockers to fast and effective software delivery. Outdated test data management (TDM) practices don’t only reduce development speed and overall agility; they also risk legislative non-compliance, undermine test coverage, and prevent automation adoption.

Unless test data is paid its due attention, the challenges associated will persist. This is why we’ve created this “Test Data Strategy Success” blog series, to accompany Rich Jordan’s Test Data at The Enterprise video series!

The blog series introduces six tenets of a successful test data strategy, exploring how you can overcome key test data blockers. Each blog will pose and discuss key questions that your test data strategy must be capable of answering, aiming to help you accelerate and optimise testing and development across your organisation.

What Does a Good Test Data Strategy Need to Consider?

Test data practices have been stagnant for so long that overcoming bottlenecks is not as simple as “automating” existing processes. A successful test data strategy must consider a range of areas for improvement across the whole SDLC.

In this series of 4 blogs, we’ll be covering six key ideas for ensuring a successful test data strategy at your organisation, starting with data regulation. Specifically, what regulation might your organisation near to adhere to, and which policies and standards might be needed to reflect the regulations? And how does that affect the way that you handle data and design your IT systems?

Additionally, the Test Data Strategy Success series will also cover the following:

  • Architecture and Technology: Organisations will have a spectrum of technologies, both old and new. How do these technologies and their integrations challenge the way that you test, and the way that you get data into your systems?
  • Delivery Methodologies and Test Approach: With many organisations working in an agile methodology of some capacity, a successful test data strategy must also be agile, in order to deliver data at the speed required.
  • Organisational Debt: Many organisations struggle to maintain a good or up-to-date understanding of the data within their systems, or how the data flows between their systems.
  • Who Delivers the Data? Many delays in testing are down to testers waiting for data to be provisioned to them and to various environments.
  • Tooling to Meet the Strategy: Too many organisations rely on rudimental tools and techniques to create test data. Next generation tools must therefore be considered.

Watch the overview video to Test Data at The Enterprise by Rich Jordan below:


Data Regulations To Consider at Your Organisation

Test data management has become increasingly complex thanks to legislation like the EU GDPR, The California Consumer Privacy Act (CCPA), Canada’s Consumer Privacy Protection Act (CPPA), and Brazil’s LGPD. Failing to comply with data protection legislation can be a potentially devastating oversight, as fines under EU GDPR can exceed €20 million.

But what does data compliance really mean, and how might your organisation demonstrate that they are following it?

Organisations implement regulations through policies and standards. These standards mould the way systems are designed and indeed how change happens. In terms of implementing legislation, the obvious examples here are purpose limitation and data minimization. Organisations need to be able to demonstrate that they know exactly how sensitive data is being used, that the processing has a legal basis, and that data is not being used by more people than necessary or for longer than necessary.

But there are other requirements in GDPR which are incredibly useful in testing and in creating an effective test data capability, such as:

  • Privacy by design
  • Lawful, fair and transparent processing
  • Limitation of purpose, data and storage
  • Data Subject Rights
  • Consent
  • Data protection impact assessment
  • Data transfers
  • Awareness and training
  • Appointing a data protection officer

In order for organisations to ensure they are implementing privacy by design and other regulatory requirements, they need to identify and categorize data within the organisation and their IT systems. Broadly speaking, these categories fall into Personal Identifiable Information (PII), Sensitive Personal Information (SPI) and Commercially Sensitive Information. Not all live data is covered by GDPR regulations, and understanding which data is or isn’t is crucial to accelerating an organisations testing journey.

Once you know which data you are interested in, to ensure privacy by design, organisations must create and maintain Data Flows and Data Models demonstrating where sensitive data is kept and distributed across the organisation. However, a challenge often cited within large organisations is the lack of understanding of systems’ Data Models and Data Flows. This is at odds with fulfilling GDPR requirements. This in turn leads to organisations mistaking systemic and organisational problems in understanding, for problems primarily related to their data.

Legal and compliance leaders should therefore build a culture of responsible data use, to prevent data breaches and remain compliant, through the use of clear Data Flows and Data Models. This should put privacy by design at the forefront of your test data strategy.

Learn more by watching the Data Regulation episode of Test Data at The Enterprise by Rich Jordan below:


Data Privacy by Design

If your organisation complements data regulations by fully understanding how sensitive data is being dealt with at the organisation, you can deliver a far better and more effective test data strategy, in turn accelerating your testing and development journey.

Organisations must have adequate data protection and use plans in place, not only to protect themselves, but also their customers. This can be done through the adoption of privacy by design and the use of clear Data Flows and Data Models.

Here are a couple of questions you should be able to answer when setting up your Test Data capabilities:

  • What are the policies and standards that exist in your organisation to demonstrate adherence to regulation?
  • What are the processes and artifacts that exist to help you understand where sensitive data exists in your IT systems and how it flows into others?

Knowing the answer to these questions will help you test better and deliver a far more effective test data strategy!

Watch the complete Test Data at The Enterprise series by Rich Jordan to learn how you can introduce six tenants for a better Test Data Strategy at your organisation!