Current application test data management practices are not adequate to meet the compliance requirements of the EU General Data Protection Regulation (GDPR), according to CA Technologies. In fact, only 31 percent of respondents believed that their organizations’ current testing practices fully comply with the GDPR, which will affect any business that handles European personal data.
The majority of respondents were not completely confident that their organization could meet two of the key provisions of the GDPR known as the “Right to be Forgotten” and the “Right to Data Portability.” When it came to identifying, erasing and providing customers with their data:
- Only 33 percent were very confident that every piece of customer data could be identified promptly across all systems and applications.
- Only 34 percent are completely confident that their organization can erase every instance of a customer’s (test) data without delay.
- Less than half (43 percent) would be fully able to provide a customer with their data in a format accessible by them and transmissible to other formats
- A surprising 10 percent currently say that they cannot do this at all.
The study also found that organizations will need to change core processes with more than 90 percent of respondents reporting that the regulation will impact how they collect, transfer, use, process, store and send/receive personal data outside the EU.
The top technological challenges identified by 88 percent of survey participants as a potential risk to GDPR compliance include:
- Sensitive data stored inconsistently (54 percent)
- Multiple copies of production data stored across the corporate network (48 percent)
- Technical debt or poorly understood data models (30 percent)
- Ad hoc sharing of test data across personal test machines (25 percent).
To meet the GDPR’s May 25, 2018 deadline, almost nine in ten (89 percent) businesses stated that they need to invest in new technologies and services that include encryption (58 percent), analytic and reporting (49 percent) and test data management (47 percent) technologies.
“To ensure businesses can continue to trade and compete in today’s digital world, companies that have significant dealings with the EU and its citizens need to reevaluate their approach to managing test data sets and invest in the processes and tools that will ensure they meet the GDPR compliance standards,” continued Scheaffer.