Hi,

Does anyone have experience with handling instances and data in a setup with an external partner working out of India or another country outside the EU?

Our concern is in relation to data. According to EU legislation we are not allowed to handle specific data elements outside the EU, so we are looking into options on how to handle this, so that we can have developers working out of e.g. India.

Options discussed so far:

1. Data masking. So e.g. emails are anonymized, but we still have data available for testing, e.g. users with certain roles, but without being able to identify the individual
2. “Offshore instance” with synthetic data. Besides the DEV, TEST and PROD setup we have today, we can have a fourth instance for offshore development. This or these instances would live in parallel with our DEV, TEST and PROD, and instead of cloning with data we would only clone the setup setup, and then create synthetic data on the instance(s). Then we would need to have a setup where we can merge developments on the instances for testing before committing updates to PROD
3. Current setup with DEV, TEST and PROD but with synthetic data on DEV and TEST. Which means that both nearshore and offshore resources will be working with synthetic data

If you have any experience with this, I would like to know how you have approached it.