Rocket.Chat has implemented various updates and changes to its codebase in preparation for GDPR enforcement on May 25th 2018.
A summary of Rocket.Chat's overall GDPR readiness strategy for this project can be found below:
Our public statement can also be found on .
The following are some of the more recent GDPR updates that are now part of the core codebase:
Right of Access
(implemented )
Right to be forgotten/erased
(implemented )
Data Portability
(implemented in )
Other rights
Other rights for the data subjects are either covered by features already built into our codebase or outside the scope of the open source software project, including:
Right to Rectification
The codebase can be configured to support user modification/correction/rectification of any data supplied (entered) by the user.
Right to restriction of processing
This is outside the scope of the open source software project and is up to the controller (administrator/deployer/operator of the the server system) to enforce.
Right to Object
This is outside the scope of the open source software project and is up to the controller (administrator/deployer/operator of the server system) to enforce.
Community compliance
The above will allow our community members to build and deploy GDPR-compliant systems and services. We know and understand that all of you have custom installation, configuration, and deployment environments and that you are working to ensure your own deployment of Rocket.Chat is compliant with GDPR if necessary.
Meanwhile, we would welcome any advice, input, or questions you may have regarding Rocket. Chat’s GDPR. Please help us by emailing your thoughts to privacy@rocket.chat.