Regulations, especially European regulations, have a way of crossing the Atlantic and eventually becoming part of U.S. compliance. The European Union’s (EU) General Data Protection Regulation (GDPR) of 2018 not only has North American implications, but also will help CIOs accelerate the creation of autonomous IT environments while raising the quality of test data sources.
The General Data Protection Regulation (GDPR) of 2018 is a legislative framework that applies across all European Union (EU) member states. Designed to replace an inconsistent patchwork of country-specific legislation, this new law strengthens consumer privacy and data protection across all EU countries.
Whether you have operations inside the EU or not, it’s possible that you, your clients, and your strategic partners will soon be required to adopt new data protection processes and controls. And how will this impact your software development and testing? Let’s explore.
Compliance Isn’t Optional
Enacted in April 2016 by the EU Parliament, GDPR allowed European countries two years to implement the new requirements, with a final deadline of 25 May 2018.
Pay special attention to any current projects that launch later in 2018. Any new contracts with terms extending beyond the deadline will qualify under the new requirements.
Tag, You’re It
Companies outside the EU are liable under GDPR if they store personal data or offer goods and services within the EU. This applies to both subscription and freemium offerings. It’s a wide net, covering customers, employees, suppliers, and partners. Before ignoring GDPR, make sure you don’t have a single EU footprint on your data.
Organizations with no EU customers or operations still need to educate themselves about the new regulations.
If you’re planning to expand into the EU in 2018, it’s time to pay attention. Ignoring the GDPR could leave you exposed to steep fines, brand erosion, and revenue loss.
Defending Your Data
As enterprises work to become GDPR compliant, QA teams will need to assess how they can maintain agility without putting consumer data at risk. Going beyond consumer data sources, QA managers should also assess all possible data-breach “touchpoints” as they pertain to testing. Here are six main areas to consider when protecting consumers:
1. Protections against malware and ransomware
2. Safeguards against unauthorized access and user identity
3. Stolen devices
4. Application layer access
5. Cloud storage
6. Inadvertent or malicious data breach
On top of this, GDPR gives EU consumers the right to withdraw consent for companies to use their personal data for testing and analytics. How will you flag these consumer requests in Support and filter them in Testing to ensure compliance?
There are also geographical considerations. Do you build one system for the EU and one for all other countries?
It’s possible U.S. lawmakers will catch wind of this, and we will eventually see an Americanized version of GDPR. In that case, any investment you make now will put you ahead of the inevitable transatlantic migration.
The GDPR Payoff
GDPR has a hidden benefit for U.S. CIOs. With regulation and fines for data breaches, IT now has justification for firing up investments in cutting-edge technology, such as AI-enabled test data generation and autonomous testing platforms, to speed up development and improve quality.
Leveraging AI, CIOs can build full test data sets without having to virtualize, subset, and mask production databases to maintain regulatory compliance. By creating synthetic data based on the application being tested, testers can access robust test data sets at the click of a button, while eliminating the risk of holding consumer data.
To learn more about how AutonomIQ leverages AI to create test data, click here.