Quite pragmatically, software developments in companies are often tested with a copy from the productive system.
However, this violates the Data Protection Act and the use of data for testing purposes is not permitted.
By using synthesized or anonymized data in conjunction with comprehensive technical and organizational measures, the DSG requirements can be implemented.
However, these protective measures often do not exist in test systems.
What data is used for testing in your company?
Reconcile data protection and systematic testing.