Guest user Created: Dec 23, 2017 Last commented: Dec 23, 2017

Best practice

We know that best practice is to not have production data in non-production/development environments. However, does GDPR require that production data not be stored in non-prod/dev environments? Or, as long as the non-prod/dev environment is properly secured, then it’s acceptable?

0 0

Assign topic to the user

Select user

Expert

Andrei Hanganu Dec 23, 2017

Answer:

The EU GDPR does not distinguish between production and non-production environments.

As long as personal data is concerned, information technology systems processing personal must be adequately protected as to ensure the ongoing, confidentiality, integrity, availability and resilience as required by Article 32 Security of Processing of the EU GDPR (https://advisera.com/eugdpracademy/gdpr/security-of-processing/).

So, in strict EU GDPR terms, it does not matter the environment where the data is stored if the requirements of Article 32 mentioned above are considered.

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Dec 23, 2017

Expert Advice Community

Best practice

Best practice

Assign topic to the user

Comment as guest or Sign in

Suggested Topics

NPS form - GDPR Rules

Questions about CCTV in GDPR

EU GDPR questions