The General Data Protection Regulation (GDPR) aims to strengthen personal data protection in Europe, and affects the way we all do business. Compliance with GDPR is a top priority for MongoDB and our customers. MongoDB can be a key facilitator on your GDPR journey with our customer-centric approach to data protection, control, and compliance.
The GDPR is a European privacy law that became enforceable on May 25, 2018. The GDPR replaces the EU Data Protection Directive and is intended to reconcile data protection laws throughout the European Union (EU) by applying a single data protection law enforceable across every member state. The GDPR does the following:
MongoDB is working across our organization to ensure that our products and services enable our customers to comply with GDPR. This includes:
MongoDB Atlas, the cloud database service for MongoDB, is security-hardened by default. Each MongoDB Atlas project is provisioned into its own VPC, isolating your data and underlying systems from other MongoDB Atlas users. Network encryption, storage volume encryption and access control are configured by default, and IP whitelists let you restrict access to a specific range of IP addresses. All security-specific updates to the operating system and database of the underlying instances are automatically applied by MongoDB engineers. For deployments running in AWS, VPC Peering can be used to connect application servers deployed in another AWS VPC directly to your MongoDB Atlas cluster using private IP addresses.
Read the MongoDB Atlas Security Controls white paper for more information.
MongoDB also pursues external testing and certifications regarding security for Atlas. Visit the SOC 2 overview for more information.
MongoDB Atlas infrastructure runs on top of Amazon Web Services, Microsoft Azure, and Google Cloud Platform. Each cloud provider undergoes its own series of independent third-party audits on a regular basis.
Processing Addendum (DPA)?
The terms of service applicable to MongoDB Atlas and MongoDB cloud services automatically include data processing protections that satisfy the requirements that the GDPR imposes on data controllers with respect to data processors. If you have questions about how these terms apply, please contact us at privacy@mongodb.com.