GDPR with MariaDB

What is the GDPR?

The General Data Protection Regulation (GDPR), which came into force on May 25, 2018, is a comprehensive data protection law that replaced, updated, strengthened and harmonized the EU data protection laws. It regulates how businesses can collect, use, and store personal data, builds upon existing documentation and reporting requirements, and authorizes fines on businesses that fail to meet its requirements.

Who does the GDPR apply to?

The GDPR regulates the “processing” of personal data of any EU resident (who is referred to as a “data subject”). “Processing” includes the collection, storage, transfer, or use of personal data. This means that any company that processes the personal data of any data subject, regardless of where the company is based, is subject to the rules of the GDPR. Additionally, the GDPR defines personal data very broadly: it includes name, email, demographic information, real-time location, and online identifiers and activity, to name a few.

How does the GDPR impact MariaDB and its customers?

In connection with the provision of its services, MariaDB may process data on behalf of its customers by virtue of the data being uploaded to MariaDB’s database-as-a-service, SkySQL, or by customers allowing MariaDB’s remote database administrators (RDBA) to access data hosted by them.

In addition, MariaDB may also process standard business contact information about its customers and their personnel authorized to access MariaDB’s offerings.

How does MariaDB help my organization comply with the GDPR?

MariaDB aims to ensure that our customers can comply with the GDPR:

  • Our standard customer contracts enable our customers to comply with the GDPR rules related to the processing of personal data, and our contracts with our own subprocessors are also compliant.
  • We support protected internal data transfers by executing Standard Contractual Clauses with our customers as needed.
  • We monitor guidance around GDPR compliance.

Does MariaDB have a Data Processing Addendum (DPA) for customers?

Yes. MariaDB has a DPA that contains provisions to assist us, and our customers, in complying with the GDPR.

What commitments does MariaDB make with respect to the GDPR?

The GDPR requires data controllers (such as our customers using SkySQL) to only use data processors (such as MariaDB) that provide sufficient guarantees to meet the requirements of GDPR Article 28. MariaDB’s terms of service for SkySQL and our RDBA services reflect the requirements of Article 28.

Does MariaDB have an overview of its security measures?

Our Trust Center and DPA contain details of the security measures that we have implemented for SkySQL and our RDBA services.

Who are MariaDB’s subprocessors?

MariaDB Subprocessors can be viewed here.

How does MariaDB support the transfer of data outside of the European Economic Area?

The GDPR places restrictions on the transfer of personal data outside of the European Economic Area (EEA) to non-EEA recipients unless appropriate transfer mechanisms are in place. Where MariaDB transfers data outside of the EEA to a country that doesn’t ensure an “adequate level of data protection,” we rely on the Standard Contractual Clauses.

Where can I get more information?

Customers can request more information by contacting [email protected].

This page is for informational purposes only, and MariaDB does not intend the information or recommendations presented here to constitute legal advice. Each customer is responsible for independently evaluating its own particular use of MariaDB’s services as appropriate to support its legal and compliance obligations.