The General Data Protection Regulation (GDPR) aims to strengthen personal data protection in Europe, and affects the way we all do business. Compliance with the GDPR is a top priority for MongoDB and our customers. MongoDB can be a key facilitator on your GDPR journey with our customer-centric approach to data protection, control, and compliance.
What is the GDPR?
The GDPR is a European privacy law that became enforceable on May 25, 2018. The GDPR replaces the EU Data Protection Directive and is intended to reconcile data protection laws throughout the European Union (EU) by applying a single data protection law enforceable across every member state. The GDPR does the following:
- Regulates how businesses can collect, use, and store personal data
- Builds upon current documentation and reporting requirements to increase accountability
- Authorizes fines on businesses that fail to meet its requirements
Who is impacted by the GDPR?
The GDPR applies not only to organizations located within the EU, but also to organizations located outside of the EU that offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location. The GDPR defines personal data to include any information relating to an identified or identifiable natural person.
How does MongoDB help my organization comply with the GDPR?
MongoDB is working across our organization to ensure that our products and services enable our customers to comply with the GDPR. This includes:
- Continuing to build upon the security features in our products and the security posture of our enterprise and infrastructure, described in more detail here
- Ensuring that contracts with our customers enable them to comply with the GDPR rules relating to appointing processors, and ensuring that our contracts with our own processors are compliant as well
- Continuing to support international data transfers by maintaining our Privacy Shield self-certifications, and by executing Standard Contractual Clauses with our customers as needed
- Continuously monitoring the guidance around GDPR compliance, and adjusting our plans accordingly