Rokt and GDPR

Updated September 17, 2019

Rokt’s business relies on the trust of Partners, Brands and their customers.

As a custodian of customer and client personal data, Rokt complies with its legal obligations in all the markets in which it operates, including the European Union, and specifically complies with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) (“GDPR”).

Rokt began preparing for GDPR in late 2016, and was directed in its efforts by a leading European data protection law firm and IAPP member advisors across multiple markets.

Internally, Rokt has assembled a cross-functional working group, including certified information privacy professionals, to ensure that all its processes, practices and systems reflect the best practice in data protection and fully comply with the law.

Steps we've taken to date

Rokt’s GDPR compliance efforts include:

  • Educating staff on privacy and security issues and generally elevating awareness;
  • Improving our privacy governance frameworks and practices, including updating and globalizing our Data Breach Response Plans;
  • Re-assessing and confirming the basis on which Rokt processes personal data;
  • Having external counsel conduct a Legitimate Interest Assessment to confirm that where we rely on this as the basis for processing, we do so lawfully;
  • Conducting data privacy impact assessments to identify and reduce the data protection risk within projects and systems;
  • Implementing model clause based data transfer arrangements with Brands, Partners and Suppliers to ensure necessary protections apply to data exported from the EU;
  • Partnering with a leading third-party security services provider to have our applications, network, infrastructure and information security program regularly audited, including quarterly penetration tests and vulnerability scans;
  • Ensuring that applicable data subject rights are provided for in our products and systems;
  • Updating our Ad Policies to ensure disclosures are suitable and transparent;
  • Closely monitoring GDPR developments and guidance, to support our clients’ compliance efforts.

Additionally, we updated our Privacy Policy to address matters set out in GDPR and laws in other markets in which we operate. The new policy covers the operation of Rokt’s Transaction Marketing services and platform. It strives to achieve the goals of simultaneously being concise, fully transparent and intelligible, and readily accessible.

We also updated our contractual commitments with Partners and Brands, to ensure they have the necessary terms in place going forward in respect of transferred data.

If you are a Rokt client, please reach out to if you have questions or if you deal with EU data subjects, or process personal data in the context of the activities of an establishment in Europe, via the Rokt platform.

Future steps

Rokt sees compliance as an ongoing process, not an endpoint that can be ‘achieved’ with a single stamp or certification. As such, Rokt will continue to take further steps on a daily basis to improve data protection outcomes for its Partners, Brands and their customers.

Trust in our approach to privacy and data security is paramount to our client relationships. As GDPR continues to evolve, we will update this page accordingly.

If you have any questions in the meantime, don’t hesitate to reach out to