Security & Compliance

Test data – and GDPR

GDPR requires that all sensitive personal data are scrambled so that no test data can be attributed to a specific person.

Whilst certain people need access to sensitive data to perform their regular jobs, tester and developers do not. Therefore, it is important to handle the sensitive data appropriately, while still ensuring that the quality of the test data is good enough to support proper testing of your applications.

Data analysis

The first step is of course to determine which data can be categorised as being “sensitive”. The next step is to scramble them. You may only need to scramble certain columns or rows within a database.

Data integrity

Data integrity is an important aspect of valid test data because otherwise you will not have test data available for an entire order process, e.g.


The anonymization of data either be done manually, which may very well turn out to be a tedious and time-consuming task, or automatically used a specialised tool.

Keep in mind that you may want to apply different scrambling rules for different parts of your data.

Subsetting test data speeds up your testing

In addition to scrambling test data, subsetting is a very good idea as well because this speeds up your testing. It is hardly necessary to perform tests based on every single customer or supplier. It is merely time consuming and overkill.

The only thing to keep in mind is to ensure that the subsetted data are representative of all your data. Hence having an automated mechanism for doing so is definitely an advantage.

Define subsets for different purposes

As your subsets evolve and become increasingly targeted at different testing purposes, the quality of your testing will improve.

SOSY has a tool from Original Software which can scramble and subset data automatically.

Read more here.