Developers setup with offshore resources - data handling outside EU

Lasse Korsgaar1
Tera Contributor

‎11-14-2023 05:42 AM

Hi,

Does anyone have experience with handling instances and data in a setup with an external partner working out of India or another country outside the EU?

Our concern is in relation to data. According to EU legislation we are not allowed to handle specific data elements outside the EU, so we are looking into options on how to handle this, so that we can have developers working out of e.g. India.

Options discussed so far:

  1. Data masking. So e.g. emails are anonymized, but we still have data available for testing, e.g. users with certain roles, but without being able to identify the individual
  2. “Offshore instance” with synthetic data. Besides the DEV, TEST and PROD setup we have today, we can have a fourth instance for offshore development. This or these instances would live in parallel with our DEV, TEST and PROD, and instead of cloning with data we would only clone the setup setup, and then create synthetic data on the instance(s). Then we would need to have a setup where we can merge developments on the instances for testing before committing updates to PROD
  3. Current setup with DEV, TEST and PROD but with synthetic data on DEV and TEST. Which means that both nearshore and offshore resources will be working with synthetic data

If you have any experience with this, I would like to know how you have approached it.

0 Helpfuls
  • 1,472 Views
9 REPLIES 9

Lasse Korsgaar1
Tera Contributor
In response to Michael Bay1

‎11-22-2023 01:58 AM

We have the same need - for the partner to do Servicedesk and support.

 

I am interested to learn how you technically did the data split? If we have data that a support/development center in India are not allowed to see`/handle, but they need access to do support - how did you handle that?

0 Helpfuls

Michael Bay1
Tera Contributor
In response to Lasse Korsgaar1

‎11-22-2023 04:09 AM

Hey Lasse

We didn't do the data split as they should be able see all to do the support as Servicedesk etc.  The Admin work on the platform was done inhouse. Maybe you SN account manager can help with a reference SN client having sourced....

0 Helpfuls

Lasse Korsgaar1
Tera Contributor

‎11-22-2023 05:26 AM

Hey Michael,

 

Thank you for your responses. I will dig futher into it to see what to do.

0 Helpfuls

loganmary68
Giga Contributor

‎04-22-2024 06:10 AM

Yes we do have

 

Check out on Offshore Development Center Services in India

0 Helpfuls

TarunNagar
Tera Contributor

‎05-06-2025 04:46 AM

To comply with EU data protection laws while working with offshore developers, many companies use synthetic or anonymized data. A common approach is maintaining a separate offshore development instance populated only with synthetic data, ensuring no personal data leaves the EU. Data masking in DEV and TEST environments is also effective, provided it's irreversible and ensures individuals can't be re-identified. Merging offshore code into the main pipeline can be done via CI/CD with clear controls. Whichever setup you choose, ensure it aligns with GDPR requirements and is validated by your DPO or legal team.

0 Helpfuls