General Data Protection Regulation Testing

By Hari Krishna

What is GDPR?

  • GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states.
  • It addresses the export of personal data outside the EU.
  • The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
  • When the GDPR takes effect, it will replace the 1995 Data Protection Directive.

KEY ELEMENTS OF GDPR

  • The GDPR applies to all EU organisations – whether commercial, business, charity or public authority – that collect, store or process the personal data of individuals residing in the EU, even if they are not EU citizens. The key elements are listed below:
  • Data Protection Principles: Personal data must be processed according to certain principles.
  • Data Protection by Design and by default: There should be a requirement to build effective data protection practices and safeguards from the very beginning of all processing.
  • Valid Consent: There should be stricter rules for obtaining consent.
  • Transparency and Privacy Notices: Organisations must be clear and transparent about how personal data is going to be processed, by whom and why.
  • Data Security and Breach Reporting: Personal data needs to be secured against unauthorised processing and against accidental loss, destruction or damage.
  • Accountability and Governance: Organisations must be able to demonstrate compliance with the GDPR.
  • Lawful Processing: Organisations must identify and document the lawful basis for any processing of personal data.
  • Privacy Rights of Individuals: Individuals’ rights are to be enhanced and extended in a number of important areas.
  • Data Transfers outside the EU: The transfer of personal data outside the EU is only allowed with certain clauses and approvals.
  • Data Protection Officer (DPO): The appointment of a DPO, with certain assigned tasks, is mandatory for certain organisations.

GDPR TEST APPROACH

Application Assessment:

Understanding the Application

  • Workflows and Business Requirements
  • Functional aspect of the application
  • Security aspect of the application

Assess Current Test Data

  • Identify confidential and sensitive data
  • Identify dataflow, data authorization and data authentication

Test Plan:

Prepare Test Plan

  • Prepare Test Strategy (Scope, Testing Types etc.)
  • Plan Test Environment
  • Test Schedule and Resource Planning

Prepare Test Checklist

  • Application Testing Checklist
  • Environment Testing Checklist
  • Database Testing Checklist

Test Execution:

Manual Verification

  • Execute identified scenarios (e.g. core data-related functionality, secured transactions, third-party integrations, form submissions etc.)
  • Database Testing

Automation

  • Run a security compliance tool (e.g. OWASP ZAP, IronWASP, Acunetix, Nessus etc.)
  • Run a DB security assessment tool (e.g. Scuba, sqlmap etc.)

Test Reports:

Manual Testing Report

  • Test cases passed/failed report

Automation Testing Report

  • Security compliance tool report
  • DB security assessment tool report

Overall Test Summary Report

  • Tests Pass/Fail percentage
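As an added example (not code from the original article), the "Assess Current Test Data" step and the pass/fail summary above can be turned into a repeatable check: scan every field of a test-data extract, flag values that still look like unmasked personal data (direct identifiers, and a few GDPR Art. 9 special-category terms), and report a field-level pass percentage. The sample rows, the detector patterns, the column-name heuristic for names and the masking-tool markers are all assumptions constructed for this example.

```python
import re
from collections import Counter

# Constructed sample rows (not from the original page): rows 1 and 3 still carry
# live-looking personal data, row 2 has a special-category remark, row 4 is masked.
SAMPLE_ROWS = [
    {"id": 1, "name": "Alice Example", "email": "alice@example.org", "phone": "+44 20 7946 0000", "notes": "n/a"},
    {"id": 2, "name": "MASKED_USER_2", "email": "user2@test.invalid", "phone": "000000", "notes": "diagnosed with diabetes"},
    {"id": 3, "name": "Bob Sample", "email": "bob@example.com", "phone": "+1 555 0100", "notes": "prefers email"},
    {"id": 4, "name": "MASKED_USER_4", "email": "user4@test.invalid", "phone": "000000", "notes": "n/a"},
]

# Content detectors for direct identifiers and for a few GDPR Art. 9 "special
# category" terms; the term list is an assumption and would be extended per application.
DETECTORS = {
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "phone": re.compile(r"\+\d[\d ]{6,}\d"),
    "special_category": re.compile(r"\b(diabetes|pregnan\w*|religion|hiv)\b", re.I),
}
NAME_FIELDS = {"name", "first_name", "last_name"}  # column-name heuristic for names
# Assumed markers left by the masking tool; a value carrying one is treated as pseudonymised.
MASK_MARKERS = ("MASKED_", "@test.invalid")

def classify_field(field: str, value) -> set[str]:
    """Return the personal-data categories found in one field value (empty set = passes)."""
    text = str(value)
    if any(marker in text for marker in MASK_MARKERS):
        return set()
    found = {label for rx_label, rx in DETECTORS.items() if rx.search(text) for label in [rx_label]}
    if field in NAME_FIELDS:
        found.add("name")
    return found

def assess_test_data(rows: list[dict]) -> dict:
    """Scan every field of every row; a field fails if it holds unmasked personal data."""
    findings, counts, scanned = [], Counter(), 0
    for row in rows:
        for field, value in row.items():
            scanned += 1
            categories = classify_field(field, value)
            if categories:
                findings.append((row["id"], field, sorted(categories)))
                counts.update(categories)
    passed = scanned - len(findings)
    return {
        "fields_scanned": scanned, "fields_failed": len(findings),
        "pass_percent": round(100 * passed / scanned, 1) if scanned else 100.0,
        "category_counts": dict(counts),
        "findings": findings,
    }
```

The findings list gives the test-data owner the exact row/field pairs to mask before the environment is used, and the pass percentage feeds the overall summary report.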


Over the past 19 years, we have completed thousands of digital projects globally. We have one of the largest and deepest multi-solutions digital consulting teams in the world. Our proprietary processes and years of Digital Experience expertise have earned us a 97% customer satisfaction rating with our clients ranging from Global Fortune 1000 to Mid-Market Enterprises, leading educational institutions, and Non-Profits.

DesignRush has recognized TA Digital as a top Marketing Analytics Agency.

About TA Digital

TA Digital is the only global boutique agency that delivers the “best of both worlds” to clients seeking to achieve organizational success through digital transformation. Unlike smaller, regional agencies that lack the ability to scale or large organizations that succumb to a quantity-over-quality approach, we offer resource diversity while also providing meticulous attention to the details that enable strategic success.

Over the past 20 years, TA Digital has positioned clients to achieve digital maturity by focusing on data, customer-centricity and exponential return on investment; by melding exceptional user experience and data-driven methodologies with artificial intelligence and machine learning, we enable digital transformations that intelligently build upon the strategies we set into motion. We are known as a global leader that assists marketing and technology executives in understanding the digital ecosystem while identifying cultural and operational gaps within their business – ultimately ushering organizations toward a more mature model and profitable digital landscape.

Recognized in the 2013, 2014, 2015 and 2019 Inc. 5000 lists as one of the most successful technology companies in the United States, TA Digital is also pleased to share high-level strategic partnerships with world-class digital experience platform companies like Adobe, SAP and Salesforce, and holds global partnerships with industry leaders such as Sitecore, Episerver, Elastic Path, BigCommerce, AWS, Azure and Coveo.

Written by Hari Krishna