tutorials

16 articles

A practical comparison of GDPR and DORA requirements for database teams. Where they overlap, where they differ, and what you need to implement.

Key: GDPR applies to all organizations processing EU personal data; DORA applies specifically to EU financial entities

gdprdoracompliance

tutorialsFeb 8, 2026·6 min read

Why PostgreSQL Dominates in Regulated Industries

How PostgreSQL became the database of choice for healthcare, finance, and government. Technical features that make compliance possible.

Key: Row-Level Security enables data isolation without application-level workarounds — critical for multi-tenant SaaS in finance

postgresqlcomplianceregulated-industries

tutorialsJan 28, 2026·4 min read

Automating Data Classification in PostgreSQL for ISO 27001 and GDPR

Automate PII detection in PostgreSQL with pgcomply. Classify columns by sensitivity level for ISO 27001 and GDPR compliance.

Key: Data classification is required by ISO 27001 (A.8.2) and strongly recommended for GDPR Article 5 compliance

data-classificationiso-27001gdpr

tutorialsJan 28, 2026·6 min read

The 2026 EU Database Compliance Landscape: What Changed and What's Coming

A guide to EU regulations affecting database teams in 2026. GDPR enforcement trends, DORA in effect, AI Act implications, and NIS2 requirements.

Key: DORA enforcement is active since January 2025 — financial entities face audits from national competent authorities

eu-regulationcompliancegdpr

tutorialsJan 18, 2026·3 min read

Anonymizing PostgreSQL Data for Staging and Development Environments

Create realistic but anonymous copies of production data for development. Deterministic anonymization preserves referential consistency across tables.

Key: Using production PII in dev/staging is a GDPR violation — even internal access counts

postgresqlanonymizationstaging

tutorialsJan 15, 2026·4 min read

SOC 2 Compliance for PostgreSQL: Evidence Collection Guide

Satisfy SOC 2 Trust Service Criteria at the database level. Access reviews, change management, monitoring, and evidence collection with PostgreSQL.

Key: SOC 2 Type II requires evidence over a period — not a point-in-time snapshot

soc-2postgresqlcompliance

tutorialsJan 12, 2026·4 min read

Schema Drift Detection: Catching Unregistered PII Before Your Auditor Does

Detect and prevent compliance gaps when database schemas change. Automated PII pattern matching catches new columns containing personal data.

Key: Schema drift is the number one cause of incomplete GDPR deletion requests

schema-driftpostgresqlpii-detection

tutorialsDec 5, 2025·3 min read

PostgreSQL Compliance Tools Compared (2026): pgcomply vs Enterprise Platforms

Compare PostgreSQL compliance tools: pgcomply vs manual scripts vs pg_audit vs enterprise platforms like Vanta and Drata.

Key: Manual compliance (spreadsheets, scripts) breaks down beyond 5 tables and 2 engineers

postgresqlcompliance-toolscomparison

tutorialsDec 1, 2025·4 min read

Open Source Database Compliance: Why In-Database Beats SaaS

Why open-source, in-database compliance beats SaaS tools. Data sovereignty, auditability, and zero external dependencies.

Key: SaaS compliance tools require external data access — problematic for sovereignty-sensitive organizations

open-sourcedatabase-compliancedata-sovereignty

tutorialsNov 25, 2025·4 min read

PostgreSQL Compliance for Fintech Startups: GDPR + DORA in One Stack

GDPR and DORA compliance for fintech startups using PostgreSQL. BaFin readiness, incident reporting, and cost analysis.

Key: Fintech must comply with both GDPR (data protection) and DORA (operational resilience) simultaneously

fintechstartupgdpr

tutorialsNov 20, 2025·4 min read

Database Compliance for SaaS Startups: The Minimum Viable Compliance Stack

Minimum viable compliance for SaaS startups on PostgreSQL. GDPR deletion, audit trails, and investor-ready evidence.

Key: Minimum viable compliance has five pillars: know, delete, prove, protect, clean

saasstartupgdpr

tutorialsNov 15, 2025·4 min read

PostgreSQL Compliance for EU Public Sector: GDPR, BSI, and Data Sovereignty

PostgreSQL compliance for EU public sector. BSI IT-Grundschutz mapping, Verwaltungscloud compatibility, and data sovereignty.

Key: EU public sector increasingly mandates open-source software — pgcomply is Apache 2.0

public-sectoreubsi

tutorialsOct 30, 2025·3 min read

Temporal Queries in PostgreSQL: Time-Travel for Compliance Auditing

Use pgcomply temporal functions to answer 'what did the data look like at time X' for audit investigations, incident forensics, and regulatory inquiries.

Key: Auditors frequently ask about historical state — 'what was true at time X?'

postgresqltemporal-queriestime-travel

tutorialsOct 25, 2025·4 min read

Automating PostgreSQL Compliance with pg_cron: Set It and Forget It

Schedule automated compliance checks, retention enforcement, drift detection, and session logging in PostgreSQL using pg_cron and pgcomply.schedule_jobs().

Key: Manual compliance checks get forgotten — automate everything that can be automated

postgresqlpg-cronautomation

tutorialsOct 15, 2025·4 min read