GDPR Guide

What is GDPR?

The General Data Protection Regulation (GDPR) is an EU regulation on data protection and privacy covering all individuals within the European Union. GDPR is law going into effect on May 25, 2018 aiming to give EU citizens more control over their personal data in a digital world.

GDPR and You

GDPR probably affects most users of our service. It applies to anyone who works for a company established in the EU, sells or markets products to people within the EU, or monitors the actions of citizens of the EU regardless of where you are located or conducting business. As a customer of RocketReach you are likely a 'controller' of data, you have 2 main responsibilities.

The first is to establish a 'legal basis' to 'process' personal data of Europeans. The two main ways to establish this, are 1. explicit consent and 2. 'legitimate interest' to use this data that is within 'reasonable expectations' of the data subject. Direct marketing, recruiting, sales and fundraising could be regarded as 'legitimate interest' if crafted in a relevant way. Please consult your legal advisor if you have any questions.

The second is to protect data and to report any data breaches to data protection authorities. The regulation also builds in the "right to be forgotten" which requires controllers (users of our service) to support deletion requests and opt-outs.

Fines for violations are steep, the higher of 20M Euros or 4% of their global annual turnover. While it remains to be seen how the laws will be enforced, consumer complaints will probably be the main driver, so staying targeted and relevant is more important than ever.

To assist those who are trying to avoid contacting EU citizens, we've created a feature to filter them out of search results. Visit your account settings to enable it.

What is RocketReach doing to be compliant?

RocketReach will be fully compliant by the May 25th deadline. We've approached compliance on 3 fronts:

Our Product and Operations team has implemented the necessary security protocols to ensure that our user's data is secure. Data is pseudonymized, and encrypted where applicable. We're implementing automated safeguards at the application and infrastructure level as a proactive means of keeping user data safe and ensuring compliance.

Our Legal team is revising our legal documentation (namely our Terms of Service, and our Privacy Policy) to reflect mandatory Processor provisions required by Article 28 of the GDPR. They are also working with vendors to ensure they are all in full compliance. These laws and regulations could continue to change even after the effective date so they will be working to continuously maintain compliance and to help our customers do the same.

In addition we stand ready to support customer requests regarding an EU citizen's rights to:

  • Be forgotten: You can terminate your RocketReach account at any time; we will delete all non-accounting related info from your account
  • Rectification: You have the right to access and update your RocketReach account settings at any time in order to correct or complete your account information. Alternatively, you can contact us to request your data to be corrected, amended or deleted.
  • Access: What data we collect and how we use it is clearly specified in our Privacy Policy. If you have any questions about particular data, please contact
  • Portability: You can request for your data to be transferred to a third party at any time.