Can I test with personal data when developing a system or application?
“That is not recommended. Testing is a complex process, requiring care and multiple separate environments. Testing with personal data involves risks.
The people you process personal data from do not expect you to use their data for testing purposes. This means, among other things, that you must have a separate basis for testing.
- Not necessary and alternatives are available in the market
Furthermore, it is often not necessary to test with personal data, because alternatives are available in the market. That is one of the reasons why testing with personal data is difficult to reconcile with the GDPR.
Only at the end of a development and testing process (when you deploy to production), you can read personal data into the new system during the transition or conversion. And that processing must also be done very carefully.”