The General Data Protection Regulation (GDPR), which came into force on May 25, 2018, is a comprehensive data protection law that replaced, updated, strengthened and harmonized the EU data protection laws. It regulates how businesses can collect, use, and store personal data, builds upon existing documentation and reporting requirements, and authorizes fines on businesses that fail to meet its requirements.
The GDPR regulates the “processing” of personal data of any EU resident (who is referred to as a “data subject”). “Processing” includes the collection, storage, transfer, or use of personal data. This means that any company that processes the personal data of any data subject, regardless of where the company is based, is subject to the rules of the GDPR. Additionally, the GDPR defines personal data very broadly: it includes name, email, demographic information, real-time location, and online identifiers and activity, to name a few.
In connection with the provision of its services, MariaDB may process data on behalf of its customers by virtue of the data being uploaded to MariaDB’s database-as-a-service, SkySQL, or by customers allowing MariaDB’s remote database administrators (RDBA) to access data hosted by them.
In addition, MariaDB may also process standard business contact information about its customers and their personnel authorized to access MariaDB’s offerings.
MariaDB aims to ensure that our customers can comply with the GDPR:
Yes. MariaDB has a DPA that contains provisions to assist us, and our customers, with compliance with the GDPR.
The GDPR requires data controllers (such as our customers using SkySQL) to only use data processors (such as MariaDB) that provide sufficient guarantees to meet the requirements of GDPR Article 28. MariaDB’s terms of service for SkySQL and our RDBA services reflect the requirements of Article 28.
Our Trust Center and DPA contain details of the security measures that we have implemented for SkySQL and our RDBA services.
MariaDB Subprocessors can be viewed here.
The GDPR places restrictions on the transfer of personal data outside of the European Economic Area (EEA) to non-EEA recipients unless appropriate transfer mechanisms are in place. Where MariaDB transfers data outside of the EEA to a country that doesn’t ensure an “adequate level of data protection,” we rely on the Standard Contractual Clauses.
Customers can request more information by contacting [email protected].
This page is for informational purposes only, and MariaDB does not intend the information or recommendations presented here to constitute legal advice. Each customer is responsible for independently evaluating its own particular use of MariaDB’s services as appropriate to support its legal and compliance obligations.