Adopting the General Data Protection Regulation (GDPR) enhances different business and research opportunities that evidence the necessity of appropriate solutions supporting specification, processing, testing, and assessing the overall (personal) data management. This paper proposes GRADUATION (GdpR-bAseD mUtATION) methodology for mutation analysis of data protection policies test cases. The new methodology provides generic mutation operators about the currently applicable EU Data Protection Regulation. The preliminary implementation of the steps involved in the GDPR-based mutant derivation is also described
