The safest way to handle personal data remotely is to stay away from it
In our work, we manage our customers' systems, which often contain the personal information of their users. There are several rules for the safe handling of personal data; one of them governs cross-border data transfer under Chapter 5 of the GDPR.
Since many of our teams include developers who work remotely from outside the EU, this is important to us. The easiest way to handle it is simply not to send any personal data across the border to remote developers at all.
We therefore enforce a clear division within the team: those who work remotely do not have access to production environments, and so cannot reach the personal data stored there.
How we work with systems that contain personal data
If, during development, we work with a system that is in production and has personal data stored in its database, then we ensure that the corresponding database used for development work is cleared of personal data.
To achieve this, we do the following:
1) First we list all text fields from all tables in the database.
2) After that, we pick out all fields that identify or relate to a person, or that contain personal, sensitive or confidential information (according to the GDPR).
3) These fields are divided into:
a) Fields that have no format requirements.
b) Fields that have specific format requirements. Examples are social security numbers, bank account numbers or other strings that must keep their format for the systems to work.
Then we create a script that scans all records in the database copy and replaces every value in a field from list 3a with a random string of the same size as the original. The script keeps the character length and format so that the random text resembles the original text. For first names and last names we use a name generator instead. The random value is generated without regard to the original value, so it is impossible to recover the original value from the randomly created one. For example, if we have two entries with the name John, the two entries will have different names after the modification; looking at the two resulting fields, it is not possible to identify the original names.
We do the same for all fields with specific format requirements (list 3b), except that the new data follows the same format as the original data.
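As an added illustration of the three rules above (length-preserving random text for list 3a, a name generator for names, format-preserving replacement for list 3b), here is a Python scrubbing pass over a constructed SQLite copy; it is not the author's own script. The table schema, the column plan, the name lists and the sample rows are assumptions, and the format rule treats only ASCII letters and digits as randomisable, leaving every other character in place as a separator.

```python
import secrets
import sqlite3
import string
# Constructed name lists for the name generator; any word lists will do.
FIRST_NAMES = ["Anna", "Erik", "Maria", "Lars", "Sara", "Johan"]
LAST_NAMES = ["Andersson", "Nilsson", "Berg", "Lind", "Holm", "Falk"]

# Per-table plan for an assumed schema (trusted config, not user input): "text" = list 3a
# (same-length random string), "formatted" = list 3b, "first"/"last" = name generator.
SCRUB_PLAN = {"users": {"first_name": "first", "last_name": "last",
                        "street": "text", "ssn": "formatted", "iban": "formatted"}}

def random_text(length):
    """List 3a: random letters of the same length, drawn without looking at the original."""
    return "".join(secrets.choice(string.ascii_letters) for _ in range(length))

def random_same_format(value):
    """List 3b: keep digit/upper/lower/separator at each position, randomise the content."""
    pools = (string.digits, string.ascii_uppercase, string.ascii_lowercase)
    def pick(ch):
        for pool in pools:
            if ch in pool:
                return secrets.choice(pool)
        return ch  # separators such as '-' or ' ' are part of the format and stay
    return "".join(pick(ch) for ch in value)
RULES = {"first": lambda v: secrets.choice(FIRST_NAMES), "last": lambda v: secrets.choice(LAST_NAMES),
         "text": lambda v: random_text(len(v)), "formatted": random_same_format}

def scrub_database(conn, plan=SCRUB_PLAN):
    """Walk every row of each planned table; NULL stays NULL, every other value is replaced."""
    for table, columns in plan.items():
        names = list(columns)
        select = f"SELECT rowid, {', '.join(names)} FROM {table}"
        update = f"UPDATE {table} SET {', '.join(c + ' = ?' for c in names)} WHERE rowid = ?"
        for row in conn.execute(select).fetchall():
            new = [None if v is None else RULES[columns[c]](v) for c, v in zip(names, row[1:])]
            conn.execute(update, new + [row[0]])
    conn.commit()

def demo():
    """Constructed table with two 'John's; returns the rows before and after scrubbing."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (first_name, last_name, street, ssn, iban)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?, ?)", [
        ("John", "Smith", "12 Main Street", "19800101-1234", "SE35 5000 0000 0549 1000 0003"),
        ("John", "Doe", "Parkvagen 7", "19751231-5678", "DE89 3704 0044 0532 0130 00")])
    before = conn.execute("SELECT * FROM users").fetchall()
    scrub_database(conn)
    return before, conn.execute("SELECT * FROM users").fetchall()
```

Because each replacement is drawn fresh from `secrets` rather than derived from the old value, the two John rows end up with independent names, and the scrubbed copy cannot be mapped back to the production rows.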
To prevent communication about the data from containing user names or other personal data from the system, we replace these with separate IDs and acronyms.
Another thing that can be sensitive is log files. Even developers who work remotely can sometimes have access to log files, so we must also clear them of personal data and other sensitive information. The solution is simply to make sure that personal data is never written to the logs in the first place. Provided that this directive is followed, the log files will contain no personal information or other sensitive information.