GDPR-compliant database
access management
Under GDPR Article 32, engineering teams must implement appropriate technical measures to protect personal data in production databases. For most EU companies, the current answer — SSH tunnels and shared credentials — is structurally non-compliant.
Scalple replaces the access model entirely: field-level permissions, INSERT-only audit trails, DSR workflows, and EU-only infrastructure built to satisfy supervisory authority inquiries.
Why SSH tunnels fail a GDPR audit
When a supervisory authority investigates a data breach or a data subject exercises their rights, they ask four questions. With SSH tunnels and shared credentials, most engineering teams cannot answer any of them:
Who accessed production?
Impossible. Shared credentials mean no per-identity attribution.
Which fields were read?
Impossible. No query-level logging, only connection events at best.
Was the access authorized?
Impossible. No policy engine — anyone with the password can do anything.
When was the session active?
Approximate at best. SSH logs are not query-level audit trails.
GDPR Article 32 does not require perfection. It requires appropriate technical measures. Supervisory authorities across the EU have consistently held that shared credentials and SSH tunnels constitute insufficient technical measures under GDPR Article 32 for systems containing personal data. The cost of retrofitting an audit trail after a DPA investigation begins is an order of magnitude higher than implementing one before.
How Scalple meets each GDPR requirement
Each article below maps to a structural feature of Scalple — not a policy or a procedure, but an architectural guarantee.
Technical measures for data security
Requirement: Appropriate technical measures must ensure confidentiality, integrity, and availability of personal data. For database access, this means access control, audit logging, and encryption.
Scalple: Scalple enforces field-level access control policies, INSERT-only audit logging, and TLS 1.3 encryption in transit. Every access is authenticated, scoped, and logged.
Records of Processing Activities (RoPA)
Requirement: Controllers must maintain records of all processing activities including the categories of personal data processed, the purposes of processing, and data recipients.
Scalple: Scalple generates RoPA automatically from schema annotations. When your DPA asks for records of processing, you export them — not assemble them manually.
Breach notification within 72 hours
Requirement: In the event of a personal data breach, the controller must notify the supervisory authority within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk.
Scalple: Scalple's audit trail provides immediate visibility into which data was accessed and by whom. Breach notification workflows are built into the platform, not assembled after the fact.
Data Subject Requests (DSR)
Requirement: Data subjects have the right to erasure, restriction of processing, and portability. Controllers must be able to locate and act on all personal data across their systems within one month.
Scalple: Scalple includes DSR auto-routing — requests are matched to identities across connected databases and processed programmatically, with a full audit trail of the DSR execution.
Data Processing Agreements with sub-processors
Requirement: Where processing is carried out by a processor, there must be a binding contract. Sub-processors outside the EEA require additional safeguards.
Scalple: Scalple is based in Romania, EU, with EU-only infrastructure. No sub-processors outside the EEA. A GDPR Article 28 DPA is available as standard.
GDPR database compliance — frequently asked questions
What does GDPR Article 32 require for production database access?
GDPR Article 32 requires appropriate technical and organisational measures to ensure a level of security appropriate to the risk. For production databases containing personal data, this means: (1) access must be authenticated and authorized per individual identity, not shared credentials; (2) every query must be logged in a tamper-evident audit trail; (3) access must be scoped to the minimum data necessary (data minimisation); (4) data must be encrypted in transit and at rest. Most engineering teams fail on all four counts when using SSH tunnels and shared credentials.
Can my engineering team prove database access to a Data Protection Authority?
With SSH tunnels and shared credentials, no. If a DPA investigation begins, you cannot answer: who accessed which tables, which fields were read, whether access was authorized, or when the session ended. With Scalple, every database operation is logged in an INSERT-only audit trail attributable to a named identity. You can export a complete access log for any time period to any supervisory authority.
What is a GDPR-compliant database audit trail?
A GDPR-compliant database audit trail must be: (1) complete — every operation logged, including denied requests; (2) tamper-evident — INSERT-only schema enforced at the database permission level, with cryptographic chaining that makes any modification detectable, even by infrastructure administrators; (3) attributable — every entry linked to a verified human identity, not a shared service account; (4) searchable — queryable by data subject, time range, or data category for DSR responses. Scalple's INSERT-only schema satisfies all four requirements.
Is a shared database password a GDPR violation?
Shared database passwords create a high risk of non-compliance with GDPR Article 32. If multiple engineers share the same database credentials, you cannot attribute individual queries to individual people — making your audit trail non-compliant. GDPR requires that access to personal data is controlled and auditable per identity. Shared credentials make this structurally impossible.
How do I handle Data Subject Requests (DSR) for database access?
Under GDPR Articles 17 and 18, data subjects can request erasure, restriction, or export of their personal data. To respond within the 30-day deadline, you need to locate all records for that individual across all connected databases. Scalple's DSR workflow automates this: requests are matched to identities, data is located across all connected database connections, and the DSR execution is itself logged in the audit trail.
Does GDPR apply to database access logs themselves?
Yes. Audit logs that contain query content or data about data subjects are themselves personal data under GDPR. Scalple handles this correctly: access logs are stored in the EU, subject to the same access controls as production data, and are themselves exportable for DSR responses.
Close your GDPR Article 32 gap today
If your DPO cannot export a field-level audit trail for any data subject in under five minutes, you have a gap. Book a demo or deploy the self-hosted version on your EU infrastructure.