About GDPR
Organisations established in the EU and processing personal data of EU-based individuals are, in almost all cases, required to comply with the GDPR as of May 25, 2018. The GDPR updates and harmonises the framework for processing personal data in the European Union, and brings with it new obligations for organisations and new rights for individuals.
Rockkt works proactively to ensure we are 100% GDPR compliant at all times. The measures we take into place are detailed below. We are using publicly accessible data, but we still cover all elements of GDPR to ensure compliance.
Lawfulness, fairness, and transparency
Rockkt's lawful basis for processing is legitimate interest in providing services to its users. In order to determine legitimate interest as a lawful basis, we have completed a detailed Legitimate Interest Assessment which is reviewed annually.
The concept of fairness laid out in the GDPR goes hand-in-hand with lawfulness. It means we won't purposely withhold information about what or why we are collecting data. In other words, users wouldn’t be surprised if they knew how we are using their data. Fairness means we won’t mishandle or misuse the data we collect.
Transparency is inherently linked to fairness: Being clear, open, and honest with data subjects about who we are, and why and how we are processing personal data is the definition of transparency. By following it, we act fairly towards your data subjects.
Purpose limitation
The GDPR’s second principle sets boundaries around using data only for specific activities. This purpose limitation means data is “collected for specified, explicit, and legitimate purposes” only, as stated in the GDPR.
Our purposes for processing data is clearly established. This is clearly communicated to individuals through our DPA & privacy notice. Finally, we follow them closely, limiting the processing of data to only the purposes we have stated.
If at any point, we want to use the data we have collected for a new purpose that’s incompatible with our original purpose, we will ask specifically for consent to do so, unless we have a clear obligation or function set out in law.
Data minimisation
We only collect the smallest amount of data we will need to complete our purposes.
Accuracy
It’s up to Rockkt to ensure the accuracy of the data we collect and store. We set up checks and balances to correct, update, or erase incorrect or incomplete data that comes in. We also have regular audits on the calendar to double-check the cleanliness of stored data.
Storage limitation
According to the GDPR, we have to justify the length of time you’re keeping each piece of data we store. Data retention periods are a good thing to establish to meet this storage limitation policy. We create a standard time period and this can be viewed in our Data Processing Agreement.
Integrity and confidentiality
The GDPR requires us to maintain the integrity and confidentiality of the data we collect, essentially keeping it secure from internal or external threats. This takes planning and proactive diligence. We take extended measures to protect data from unauthorised or unlawful processing and accidental loss, destruction, or damage.
Accountability
Rockkt has appropriate measures and records in place as proof of your compliance with the data processing principles. Supervisory authorities can ask for this evidence at any time. Documentation is key here. It creates an audit trail that authorities can follow if we do need to prove responsibility.
Conclusion: Integration of the principles of the GDPR
The principles of the GDPR communicate the spirit and thought process behind data processing best practices. In addition, the GDPR sets out data controller and processor responsibilities that support each of the principles.
The above GDPR principles are embedded into the daily operational fabric of Rockkt. We do not deviate away from the above principles in any way to ensure a fully compliant GDPR offering.