Personal data rightly deserves a high level of protection. The situation becomes difficult in multi-level application environments (such as SAP), where this data may only be stored on the production system. But how can realistic testing be carried out without real data in the test environments?
The Big Data technologies that have emerged in recent years enable the mass storage of data, including, of course, personal data to a large extent. However, the storage and processing of precisely this data is subject to legal requirements. By default, it is not permitted to store personal data. However, exceptions are permitted; such an exception, as is typically implemented today, is a purpose-related consent for the fulfillment of a business relationship - for example, for the execution of an order, provision of a service or sending of a newsletter.
The use of personal data on test and QA systems or for development systems is critical, both in the SAP and non-SAP environment. Even consent does not permit the processing of personal data there, because consent is often collected for a specific purpose, as described above. This does not automatically include development and testing.
If you want to work with relevant data on the development, test and QA systems, it is not enough to simply encrypt it. Data is also related to each other and has certain requirements in terms of its nature. For example, after anonymization, an IBAN number should have the same length and nature as the original value, or the country in which an employee or customer lives should also be retained, as this can result in certain dependencies between the data.
Libelle AG has developed a solution for the required anonymization and pseudonymization with Libelle Libelle DataMasking (LDM). The solution was designed to produce anonymized, logically consistent data on development, test and QA systems across all platforms.
The anonymization methods used deliver realistic, logically correct values that can be used to describe relevant business cases and test them in a meaningful end-to-end manner. Furthermore, developers as well as users have a "clean" database at their disposal with which they do not have to worry about data protection.