If I go over the answers, there is no magical answer, that is indeed the way of working we must follow as best practice.
Still we aren't working like that, laziness perhaps? Too few people, not enough time to do things? If a customer has a problem, it should be repaired the day before... So in real life, we are happy copying production data to our dev machines 🙁
In the light of privacy, security leaks, ... I'm searching to change that and to reduce the risk we are taking.
Meanwhile, I find out that we have already licenses for the Redgate's SQL Tool belt which includes apparently the data masking tool, so I can experiment with it. In the past, even someone did experiment with it, but abandoned it because lack of time.
Thanks for the follow-up.