Afternoon all - hopefully an easy Friday afternoon question.
I am new to practicing Data Protection, whilst I am comfortable with current DP legislation I would be interested in hearing the views of experienced DPO's.
As a Local Authority we have a legal obligation to carry out a Boundary Review and we have an issue. We 'want/have to' to use live data in the test system. I have been told that there it can't be anonymised nor can we obtain dummy data. The system is over 20 years and we do have a project underway to replace it. They system is Acolaid in case you've heard of it and is used by Planning, Building Control, Environmental Health and Land Charges.
I am aware of a recent discussion regarding the use of 'live' data in a training situation and someone mentioned a BSI document dating back to 2009, it was on the use of live data in a test environment which I found very useful, particularly when my opposers are saying this is new under GDPR and I have been saying this was the case under DPA98. However I have been asked to reach out to DPO colleagues for their input and experience as we have 2 schools of thought:-
To cover off this particular request we are carrying out a DPIA which will detail why it really has to be live data, why dummy or anonymised data cannot be used. So we will be doing it by exception. However as I said above I have been asked to get feedback from experienced DPO's on what has been the norm to date.
Thank you everyone
Have a lovely weekend...
All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html
Selected commands (the command has been filled in below in the body of the email if you are receiving emails in HTML format):
All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html and are sent in the body of an otherwise blank email to [log in to unmask]
Any queries about sending or receiving messages please send to the list owner [log in to unmask]
(Please send all commands to [log in to unmask] not the list or the moderators, and all requests for technical help to [log in to unmask], the general office helpline)