Before replicating data or using data in non-production systems copied from the production system, perform a risk analysis and obtain data owner approval. Then, implement privacy risk mitigating techniques such as anonymization, pseudonymization, etc. (if required).
Obtain authorization from data owners, and manage associated risk before replicating or using production data in non-production environments.