DSGVO-konforme Testdaten – realistisch, anonymisiert und automatisiert
Using real production data in development or test systems is not only risky, but in many cases also illegal. Under the General Data Protection Regulation (GDPR) in particular, the use of non-anonymized data in test environments can result in heavy penalties. Furthermore, the use of production data in test systems jeopardizes your company's intellectual property: customer information, pricing structures, contract content, and sales strategies are among the most sensitive assets.
eperi® sEcure solves this problem with a scalable platform for test data generation based on tokenization, masking, and encryption—just-in-time and automated.
What is test data generation?
Test data generation refers to the creation of test data that is either synthetic, pseudonymized, or anonymized. The aim is to provide realistic test data sets that correspond to the original data in terms of structure and format. This data is ideal for software testing, migrations, QA, or training systems without violating data protection regulations such as GDPR, PCI-DSS, or PII guidelines.
Typical challenges – and how eperi solves them
Problem | Solution with eperi® sEcure | |
Use of real data in test systems | Tokenization and masking before or during export | |
Data transfers to third countries (cloud/offshore) | Reversible or irreversible tokenization possible | |
Poor data quality in generated data | Format-valid tokens with RegEx support | |
Plain text access by administrators or developers | Real-time encryption in the data stream | |
Procedural model: Four steps to secure test data usage
Three flexible application forms
- Inline in the production system: Data is anonymized directly upon retrieval
- Export to test environments: GDPR-compliant transfer for development and QAS
- File-based processing: Support for CSV, XML, JSON, Excel, and other formats
Powerful tokenization – ready to use right away
Supported data types (out-of-the-box):
- Numbers, words, pronounceable words,
- IBAN & BIC, credit card numbers,
- Social security numbers for different countries,
- Email addresses,
- License plates for various countries,
- Dictionary tokenizer (e.g., for names, street names, etc.),
- Date (including time or age verification),
- postal codes
- and many more using RegEx patternss
Options:
- Reversible and irreversible tokenization,
- Configurable multiple use of tokens,
- RegEx support for custom tokenizers,
- Prefix / Infix / Suffix for tokens
Features:
- Replacing the original data in the source table,
- Copying and replacing data during tokenization into another database and table,
- Processing CSV file content using APIs
Compatible with over 20 platforms & formats
Comparison: eperi® sEcure vs. conventional test data solutions
| Feature | eperi® sEcure | Other providers (validated) |
| Generation of GDPR, ISO, and PCI DSS-compliant test data | Yes | Yes / Partially |
| Format-valid tokenization | Yes | Partially |
| Cloud and on-premise support | Full | Partial |
| Development & support from Germany | Yes | Mostly international |
| No code refactoring necessary | Yes | Partially necessary |
| DevOps-enabled (CI/CD integration) | Limited | Yes / Limited |
Practical example: Secure testing of insurance data
“With eperi® sEcure, we can generate realistic test data in seconds—without any risks from production data or GDPR violations.” – IT Security Manager, global insurance group
By using eperi® sEcure, an international insurer was able to fully automate several critical test environments, establish DORA compliance, and simultaneously shorten development cycles by 35 percent.
FAQ: Frequently asked questions about GDPR-compliant test data generation
Is the use of real data permitted in test systems?
Not usually. According to the GDPR, real data may only be processed if the purpose is legally legitimate. This is almost never the case for testing purposes.
How does tokenization differ from anonymization?
Tokenization replaces values with placeholders that are format-valid. Anonymization, on the other hand, is permanent and irreversible.
Does eperi also support DevOps?
The solution is limited CI/CD-capable and API-driven.
Partner
Newsletter
Sign up for our newsletter and receive regular updates on data protection topics, changes in legislation and the further development of eperi® sEcure.