GDPR, HIPAA & PCI Data Privacy Testing IBM i

Trusted by companies worldwide

IBM i Application Quality Management Data is at the heart of any enterprise application and Test Data is the heart of a good test environment. Regulations, such as GDPR and HIPAA, mandate the data masking of personally identifiable information to comply with regulations. Test Data should not contain any information that can be used to identify an individual.

Our Test Data Management solution addresses issues of disk space, data verification, data confidentiality, and protracted test duration. Control and management of test data ensure that every test starts with a consistent and known data state, which is essential for effective testing.

Checking both the visible test results and the changes to the underlying data is a key principle of AQM (Application Quality Management), a task that is practically impossible to accomplish manually.

IBM i Test Data Management- A Best Practice Guide

Understand the key principals and techniques relating to test data environments on the IBM i, IBM iSeries & IBM AS/400.

What is GDPR?

GDPR matters

The General Data Protection Regulation (GDPR) is a European Union (EU) directive that came into effect in May 2018. It protects the privacy of EU residents and gives them control of their data, how it is used, and the right to see that data. If you are wondering what will happen in the UK after the Brexit transition period, these regulations have also been enshrined in UK law in the form of the Data Protection Act 2018.

For UK and EU citizens

The regulations apply to any personal data held in the EU irrespective of where the individual lives, and to personal data of any EU or UK citizen held outside of the EU. Access to information that can be used to identify an individual must be limited to those with a need to access that information.

Relevant data

For example, a person responsible for shipping orders needs access to a customer’s name and address, and the items that they have ordered, to fulfill the customer’s request. They do not need, nor should they have, access to that individual’s credit card details, date of birth, etc.


It is also imperative that data relating to an individual must be accurate.

What do the regulations mean for Test Data

Live Data

It has generally been accepted that ‘live’ data should not be used for testing, and in some cases this has effectively been mandated (HIPAA in the US, for example). With GDPR, it is wholly inappropriate to use data that can be used to identify and individual, for testing purposes.


GDPR refers to Pseudonymization, a process that transforms personal data in such a way as it cannot be attributed to a real person. Pseudonymized data can “no longer be attributed to a specific data subject without the use of additional information”, according to GDPR legislation. That means that you need to limit the potential exposure and pseudonymize the data.

So, what can you do about Test Data?

No excuses

It is often claimed by organizations that the Terms and Conditions of doing business with them state that personal information may be used for testing purposes. While this may be true, it does not excuse them from taking all precautions to protect that data.

Scramble, de-identify and obfuscate

The obvious thing to do is to scramble, de-identify, obfuscate, and/or mask sensitive information. This requires an analysis of the data to highlight where and how sensitive data is stored. This is likely to already have been done during preparations for GDPR. Next, you need to decide what to do to the data to remove the ability to identify a real person from it. This means choosing the most appropriate pseudonymization method.

Data sub-setting

 Reducing the size of the test data, through sub-setting, will limit the potential for non-compliance; sub-setting will also make testing easier and quicker, saving time and increasing the speed at which you can get business-critical changes into production.

Test Data Management Solutions

Retain formatting and other data properties.

Original Software’s TestBench provides code-free, easy to define mechanisms for the pseudonymization of data and uses data masking techniques to mask personally identifiable information, while still retaining the formatting and other data properties that are important for testing.

Code-free data extraction and sub-setting

TestBench provides an easy to use, code-free solution for the extraction and sub-setting of data to create test data environments. As with pseudonymization, data referential integrity is always maintained.

Focused environment

The result is a smaller, more focused test data environment with no information that can be attributed to a real individual.

TestBench IBM i Modules

A comprehensive, proven test data management, verification and unit testing solution that  integrates with other solutions for total application quality.

Stop copying the entire live database and hone in on the data you really need. Select or sample data with full referential integrity preserved.

Simply decide which fields need to be protected and use a variety of obfuscation methods to protect your data.

Track every insert, update and delete including intervening data states. Create rules so that data failures are flagged to you automatically.

Avoid the painful save/restores and stop attempting to explain bad test results based on poor initial data.

Comparing outputs is a well proven method to verify your test results but it is laborious and prone to error.This unique solution can save hours.

Get under the covers and analyse at a program/module level what happens in the database, APIs, parameters, messages and beyond.

We understand

We understand the challenges associated with testing and compliance. Feel free to reach out to one of our advisers and see how we can help.

We are sorry to tell you that using Internet Explorer as your browser won’t give you the best experience of this website.

To get the best value visit us via Chrome, Edge or Firefox