I'm not sure I posted this to the right community, but the organization I'm currently working on currently uses a single SQL data warehouse bunch of tables from different sources for different purposes. This data warehouse has (as far as I can tell) two or three environments. Dev, QA and production.
Recently, I was granted access to the Development Data Warehouse SQL Server for a software development project I'm working on, and I found a set of 2012-2013 employee confidential data tables in plain text (including National Insurance Numbers, Next of kin details, qualification details, addresses, telephone numbers, license plates, etc.).
This development server is accessed by a number of developers in my organization (including myself) for various projects.
1) I do not think that this data should be stored in the development environment (I think that at some point everything was copied back from the production server).
2) I do not think these details should be stored in plain text so anyone can see them through a simple SQL query.
3) I do not think that I and other developers in the organization should have free access to these tables.
I'm pretty sure my employer does not know this and stores all this information in clear text in the production environment. I also think that this violates a kind of privacy or GDPR law.
I talked to my boss about it, but they seem to gloss over it and ignore the problem / do not want to get involved.
How do I report this without even getting in trouble to view these tables?