This paper examines eight main questions at the intersection of database administration and data privacy. Data controllers — and database administrators (DBAs) working with data controllers — can use the following guidelines to evaluate the tools they’ll use to comply with data protection regulations such as GDPR.