General Data Protection Regulation Testing
April 23, 2018
What is GDPR?
- GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states.
- It addresses the export of personal data outside the EU.
- The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
- When the GDPR takes effect, it will replace the 1995 Data Protection Directive.
KEY ELEMENTS OF GDPR
- The GDPR applies to all EU organisations – whether commercial, business, charity or public authority – that collect, store or process the personal data of individuals residing in the EU, even if they are not EU citizens. Below mentioned are the key elements:
- Data Protection Principles: Personal data must be processed according to certain principles.
- Data Protection by Design and by default: There should be a requirement to build effective data protection practices and safeguards from the very beginning of all processing.
- Valid Consent: There should be stricter rules for obtaining consent.
- Transparency and Privacy Notices: Organisations must be clear and transparent about how personal data is going to be processed, by whom and why.
- Data Security and Breach Reporting: Personal data needs to be secured against unauthorised processing and against accidental loss, destruction or damage.
- Accountability and Governance: Organisations must be able to demonstrate compliance with the GDPR.
- Lawful Processing: Organisations must identify and document the lawful basis for any processing of personal data.
- Privacy Rights of Individuals: Individuals’ rights are to be enhanced and extended in a number of important areas.
- Data Transfers outside the EU: The transfer of personal data outside the EU is only allowed with certain clauses and approvals.
- Data Protection Officer (DPO): The appointment of a DPO with certain assigned tasks is mandatory for some organisations.
GDPR TEST APPROACH
Understanding the Application
- Workflows and Business Requirements
- Functional aspect of the application
- Security aspect of the application
Assess Current Test Data
- Identify confidential and sensitive data
- Identify dataflow, data authorization and data authentication
Prepare Test Plan
- Prepare Test Strategy (Scope, Testing Types etc.)
- Plan Test Environment
- Test Schedule and Resource Planning
Prepare Test Checklist
- Application Testing Checklist
- Environment Testing Checklist
- Database Testing Checklist
- Execute Identified Scenarios (e.g. core data-related functionalities, secured transactions, third-party integrations, form submissions)
- Database Testing
- Run a security compliance tool (e.g. OWASP ZAP, IronWASP, Acunetix, Nessus)
- Run a DB security assessment tool (e.g. Scuba, sqlmap)
Manual Testing Report
- Test cases passed/failed report
Automation Testing Report
- Security compliance tool report
- DB security assessment tool report
Overall Test Summary Report
- Tests Pass/Fail percentage
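The "Assess Current Test Data" and "Database Testing Checklist" steps above both come down to one question: which columns in the test environment carry personal data, and have they been pseudonymised before testers and tools touch them? The script below is an added example written for this page, not TA Digital's tooling. It scans a small constructed export of two tables (all names, e-mails, numbers and addresses are made up), flags columns whose values look like e-mails, phone numbers or IP addresses or whose names suggest personal data, and produces a pseudonymised copy using a keyed hash so that referential integrity survives while the original values do not. The hint list and the regular expressions are assumptions chosen for the sample, not a complete taxonomy of personal data.

```python
import hashlib
import hmac
import re
from collections import defaultdict

# Constructed sample: rows as they might be exported from a pre-production
# database. Every value here is invented for this example.
SAMPLE_ROWS = {
    "customers": [
        {"id": 1, "full_name": "Anna Example", "email": "anna@example.org",
         "phone": "+49 30 123456", "signup_ip": "203.0.113.7", "plan": "basic"},
        {"id": 2, "full_name": "Ben Sample", "email": "ben.sample@example.net",
         "phone": "+33 1 99 88 77 66", "signup_ip": "198.51.100.23", "plan": "pro"},
    ],
    "orders": [
        {"order_id": 100, "customer_id": 1, "amount_eur": 19.99, "status": "paid"},
        {"order_id": 101, "customer_id": 2, "amount_eur": 49.00, "status": "open"},
    ],
}

# Value patterns that indicate personal data regardless of the column name.
# Order matters: IPv4 is checked before the looser phone pattern, which would
# otherwise also match dotted digit strings.
VALUE_PATTERNS = {
    "email": re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$"),
    "ipv4": re.compile(r"^(\d{1,3}\.){3}\d{1,3}$"),
    "phone": re.compile(r"^\+?[\d\s().-]{7,}$"),
}

# Column-name tokens (assumed for this example) that usually hold personal
# data even when the values match no simple pattern, e.g. free-text names.
NAME_HINTS = {"name", "email", "phone", "address", "dob", "birth", "ip"}


def classify_column(name, values):
    """Return the personal-data category for a column, or None."""
    strings = [str(v) for v in values if v is not None]
    for category, pattern in VALUE_PATTERNS.items():
        if strings and all(pattern.match(s) for s in strings):
            return category
    if any(token in NAME_HINTS for token in name.lower().split("_")):
        return "name_hint"
    return None


def scan_tables(tables):
    """Map each table to the columns flagged as personal data.

    Every flagged column must be pseudonymised or explicitly justified before
    the test environment is treated as ready for GDPR-scoped testing.
    """
    findings = defaultdict(dict)
    for table, rows in tables.items():
        columns = defaultdict(list)
        for row in rows:
            for col, val in row.items():
                columns[col].append(val)
        for col, values in columns.items():
            category = classify_column(col, values)
            if category:
                findings[table][col] = category
    return dict(findings)


def pseudonymise(value, key):
    """Replace a personal-data value with a keyed, deterministic token.

    HMAC with a secret key (kept outside the test environment) means equal
    inputs map to equal tokens, so joins still work, while nobody holding
    only the test data can reverse the mapping.
    """
    digest = hmac.new(key, str(value).encode(), hashlib.sha256).hexdigest()
    return "pseud_" + digest[:16]


def sanitise_tables(tables, key):
    """Return a copy of the tables with every flagged column pseudonymised."""
    findings = scan_tables(tables)
    cleaned = {}
    for table, rows in tables.items():
        flagged = findings.get(table, {})
        cleaned[table] = [
            {col: (pseudonymise(val, key) if col in flagged else val)
             for col, val in row.items()}
            for row in rows
        ]
    return cleaned


if __name__ == "__main__":
    for table, cols in scan_tables(SAMPLE_ROWS).items():
        print(table, cols)
    print(sanitise_tables(SAMPLE_ROWS, b"example-key-not-for-production")["customers"][0])
```

The scan report doubles as the evidence item for the "Accountability and Governance" element: it records which test tables held personal data and that they were pseudonymised before execution. Value-based detection catches personal data hidden in oddly named columns; name-based hints catch free-text fields such as names that no pattern can recognise reliably.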
GET HELP FROM OUR EXPERTS
Over the past 19 years, we have completed thousands of digital projects globally. We have one of the largest and deepest multi-solutions digital consulting teams in the world. Our proprietary processes and years of Digital Experience expertise have earned us a 97% customer satisfaction rating with our clients ranging from Global Fortune 1000 to Mid-Market Enterprises, leading educational institutions, and Non-Profits.
About TA Digital
TA Digital is an innovative digital transformation agency, specializing in delivering digital experience, commerce, and marketing solutions. For nearly two decades, we have been helping traditional businesses transform and create dynamic digital cultures through disruptive strategies and agile deployment of innovative solutions. We are known as a global leader in the digital technology industry for helping marketing leaders achieve their revenue targets and create profitable, omni-channel customer and commerce experiences. TA Digital has high-level strategic partnerships with digital technology companies Adobe, Microsoft, Sitecore, Acquia, Marketo, SAP Hybris, Elastic Path, IBM Watson Marketing, Coveo and Episerver. The company was named to the 2013, 2014 and 2015 Inc. 5000 lists as one of the fastest-growing technology companies in the United States.