Tableau helps you see, understand and protect your data.

The General Data Protection Regulation (GDPR), effective 25 May 2018, strengthens and unifies data protection for all individuals in the European Economic Area (EEA). The GDPR imposes enhanced rules on companies, government agencies, non-profits, and other organizations that offer goods and services to people in the EEA, or that collect and analyze data tied to EEA residents. The GDPR applies to all organizations doing business with individuals in the EEA, whether the organizations are based in the EEA or not. It also addresses the export of personal data outside the EEA, so companies need to take a measured approach to their personal data collection and protection practices.

Tableau has always believed in the importance of handling personal data in a way that is both thoughtful and comprehensive and will continue to protect customer data in accordance with all current and future legislative guidelines, including GDPR. We believe that the GDPR is an important step forward for clarifying and enabling individual privacy rights. We want to help you focus on your core business while efficiently preparing for the GDPR. Here’s what we’ve been doing.

Tableau is committed to creating customers for life. Earning the generational trust of the world’s data users requires a relentless focus on the customer experience, a fundamental component of which is safeguarding your data.

Our commitment to you.

Product

Tableau provides robust governance control measures (like data source certifications), features (like live query), and tools (like using open metadata for internal audits) within the product itself.

Policies

Tableau is dedicated to providing transparency and building trust. We have engaged in a company-wide effort to implement GDPR-compliant privacy practices and are dedicated to continuous improvement in this area.

Security

Protecting customer privacy and respecting confidential information is fundamental to our core value of delighting our customers. Our robust security practices include conducting annual SOC 2, SOC 3, and ISAE 3402 audits for the Tableau Online service.

TABLEAU PRODUCTS AND THE GENERAL DATA PROTECTION REGULATION

Tableau users subject to EEA regulations need to be aware of their GDPR obligations. Download our whitepaper to understand the ways Tableau products can help you meet your obligations.

Download

Product Readiness

On-Premise Software

Tableau Desktop, Tableau Prep, and Tableau Server are installed locally on your servers/computers, behind your firewall, and do not automatically transmit your data back to Tableau. Our Support staff members do not have a built-in remote connection to the software and cannot “tunnel” into your installation. As such, Tableau does not process the personal data of our customers licensing our on-premise software and relies on our customers to maintain adequate protections for that data. Note that for registration information or usage data used to perform our contractual obligations and improve our products, Tableau is the controller and accepts related responsibilities under GDPR.

Tableau Online Data Location

Tableau Online is structured so that customers control where their data is stored. Tableau’s EU-based data center is available to both existing and new Tableau Online customers, wherever they are located, with disaster recovery systems also located in the EU. Existing customers can choose to migrate their data to the EU-based data center, while new customers can select their preferred location – currently either North America or Europe – when setting up their Tableau Online site.

Tableau Policies

Tableau has updated our key policies and reference materials in light of GDPR implementation:

Privacy Policy

Tableau collects personal information in support of its mission to help people see and understand their data. This personal information is collected and used in a variety of ways as described more fully in our Privacy Policy.

Data Transfer

The GDPR restricts the export of personal data to countries outside the EU and the European Economic Area (EEA) unless certain controls are in place. Tableau gives its customers assurances that personal data will be transferred and processed in compliance with EU data protection law in multiple ways.

Tableau is a certified Active Participant in the EU-US Privacy Shield Framework and is therefore subject to the investigative and enforcement powers of the Federal Trade Commission.

In addition, Tableau offers customers Model Clauses that make specific guarantees around transfers of personal data for in-scope Tableau services.

In committing contractually to both the Privacy Shield Framework and the Model Clauses, Tableau has invested in the operational processes necessary to meet the exacting requirements of European data privacy requirements.

Contractual Protections

GDPR requires that personal information is subject to certain contractual protections as it transfers between companies. To ensure contractual protections for our customers using our Tableau Online products, we have created a GDPR-ready DPA. Partners receive a DPA as part of onboarding and/or renewal.

Marketing Communications

Tableau collects personal information for marketing purposes only pursuant to GDPR and other local laws. Marketing communications are easily opted out of at any time, either through an unsubscribe button on the email itself, or by contacting customerservice@tableau.com.

Security Readiness

Information Security Practices

We have published informational security and data protection practices governing when employees and contractors can access data stores containing your data.

Third Party Audits and Certifications

Tableau’s controls have been audited by independent third parties against defined standards and makes SOC 2 Type II and SSAE 16 SOC 1 reports available to customers.

Incident Response

We have implemented a data breach and incident response plan. In case of an incident involving your customer data, we will inform you per the terms of your agreement with us.

Frequently Asked Questions

Learn more about Tableau’s approach to privacy with this summary of frequently asked privacy questions.

Download

Best Practices for Tableau customers

Apart from following the security hardening best practices for Tableau Server, the best thing our customers can do to reduce their exposure under GDPR is to not collect or store personal data that isn’t needed.

Additionally, customers should ensure that only those people who have the need to see personal data are able to do so. The rich permissions settings on Tableau Server and Tableau Online allow control of which assets users are able to access, such as sites, workbooks, worksheets, and data sources.

We will keep you informed on our progress with updates to this site. Should you have additional concerns or questions you would like to discuss, please do not hesitate to contact us at privacy@tableau.com.