Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
MariaDB is an open source relational database management system, a community developed fork of MySQL. It is available as self hosted software or via SkySQL, a cloud managed database service. MariaDB Foundation is based in Finland (EU). The database processes personal data at the infrastructure layer based on application design. Self hosted deployments involve no third party data processing, while SkySQL requires GDPR compliance measures.
MariaDB is an open source relational database management system (RDBMS), originally created as a community developed fork of MySQL by Michael Widenius, one of the original MySQL founders. It is maintained by the MariaDB Foundation, a Finnish non profit organisation based in Espoo, Finland. MariaDB offers drop in compatibility with MySQL and is used by major organisations worldwide as a backend database for web applications, enterprise systems, data warehousing, and embedded applications. It is available as self hosted open source software or via SkySQL, MariaDB''s cloud managed database service running on AWS and GCP.
MariaDB operates at the infrastructure layer and does not interact with end users directly or set browser cookies. The personal data it processes is entirely determined by the application layer. Common data stored includes user accounts, contact information, transaction records, and application logs. MariaDB supports the Audit Plugin for logging database access and queries, binary logging for replication and point in time recovery, and general query logging. SkySQL collects operational metadata including connection logs, performance metrics, and user account information for the management console.
For self hosted MariaDB deployments, no third party data processing is involved, and the organisation bears full responsibility for GDPR compliance at the infrastructure level. The EU base of MariaDB Foundation (Finland) is a privacy advantage as the open source project is maintained within the EEA. For SkySQL cloud deployments, MariaDB acts as a data processor and provides service agreements addressing GDPR requirements. MariaDB supports encryption at rest (using file key management or AWS Key Management), encryption in transit (TLS/SSL), role based access control, and comprehensive audit logging via the Audit Plugin. These features enable organisations to implement strong data protection measures at the database level.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
As a database engine, MariaDB does not require consent from end users. The legal basis for data storage depends on the application: typically contract performance (Art. 6(1)(b)) or legitimate interest (Art. 6(1)(f)). Organisations must implement consent mechanisms at the application layer for any personal data collection requiring consent. The mariadb.org and SkySQL websites set analytics cookies requiring ePrivacy consent, but this applies only to visitors of those sites, not to end users of applications built on MariaDB.
Self hosted MariaDB keeps data entirely under the organisation''s control with no international transfers unless the organisation configures cross region replication. For SkySQL, EU deployment regions are available on AWS and GCP. MariaDB Foundation is based in Finland, providing an EU base for the open source project governance. MariaDB Corporation (now part of the restructured entity) has operations in multiple countries. Organisations using SkySQL should confirm their chosen deployment region and review the service agreement for transfer safeguards.
For self hosted deployments: enable TLS for all connections, configure encryption at rest using the file key management plugin, implement role based access control with least privilege principles, enable the Audit Plugin for comprehensive query logging, configure binary logging for data recovery, secure network access with firewall rules, and implement automated backup with tested restoration procedures. For SkySQL: review the service agreement, select an EU deployment region, configure access controls, and enable audit logging. For all deployments: design your database schema to support GDPR data subject rights, implement data retention policies using scheduled purge procedures or event scheduler jobs, conduct a DPIA if storing sensitive personal data, and document MariaDB in your Records of Processing Activities.
Websites using MariaDB must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is recommended when MariaDB stores personal data at scale. Key areas include: the personal data categories stored (determined by application design), encryption configuration (at rest and in transit), authentication and access control setup, audit logging (MariaDB Audit Plugin), for SkySQL: cloud provider subprocessor relationships and data region selection, backup residency, and application layer data subject rights implementation.
Sample consent text
This application uses MariaDB to store and process data. Your personal data is stored in a database operated under our control. Data processing is performed in accordance with applicable data protection regulations. Please refer to our privacy policy for details on your rights.
Third-party domains contacted
mariadb.orgmariadb.comapp.skysql.comid.mariadb.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| skysql_session | authentication | Session | Maintains authenticated session for the SkySQL management console. |
| _ga | analytics | 2 years | Google Analytics cookie on the mariadb.org website tracking visitor behaviour. |
| cookie_consent | functionality | 1 year | Stores visitor cookie consent preference on the MariaDB website. |
This service may collect user data. Ensure GDPR compliance with FlowConsent.
MariaDB as a database engine does not set browser cookies. The mariadb.org website and SkySQL console set authentication and analytics cookies. End users of applications built on MariaDB do not receive any cookies from MariaDB itself.
No consent is required for the database engine. Applications must implement their own consent. The SkySQL console and MariaDB website require cookie consent for analytics cookies.
Depends on the application: typically contract performance (Art. 6(1)(b)) or legitimate interest (Art. 6(1)(f)). MariaDB itself is a tool; the organisation must determine the legal basis for each data category stored.
Self hosted deployments involve no transfers. SkySQL offers EU regions. MariaDB Foundation is Finnish (EU). Some corporate operations may involve non EU staff. Check the SkySQL service agreement for specifics.
Recommended if storing personal data at scale or sensitive data. Focus on application layer data categories, encryption configuration, access controls, audit logging, and for SkySQL, the cloud provider relationship.
Enable TLS, encryption at rest, RBAC, and the Audit Plugin. Design schema to support data subject rights. Implement retention policies with scheduled purge jobs. For SkySQL: select EU region and review the service agreement.
PostgreSQL (open source, full featured RDBMS), SQLite (embedded, zero configuration), CockroachDB (distributed SQL), or self hosted MariaDB itself provides maximum data control. EU cloud managed options include Scaleway Managed Databases and OVHcloud.
MariaDB operates at the infrastructure layer and is typically not visible to end users. Your privacy policy should mention cloud database storage (naming provider and region for SkySQL) and reference transfer safeguards. No cookie policy entry is needed for the database engine itself.