when looking at best practices for use of test systems I keep running into the two following topics:
One of the best practices for having productive data in testing systems is e.g. having a retention period until when those data is actually deleted as well as having full logging.
I keep hearing the argument though that log files take a lot of storage capacity equals quite a lot of money to be spend for keeping them. So it was suggested to just enable this for the critical actions, e.g. deletion, exports. My question is would this not still be an issue cause you don’t have full traceability of the user actions from a risk perspective?
Deletion of productive data in testing systems: I know due to GDPR deletion periods are important especially when having PII productive data in the test system but what is the actual risk behind if if you don’t have GDPR related data in the testing system if you don’t delete it periodically?