Important Updates to Help you Become GDPR-Ready
The General Data Protection Regulation (GDPR), coming May 25, is Europe’s revamp of the EU’s data privacy requirements — with a worldwide impact. The new regulation applies to companies located within or outside the European Union (EU) offering goods or services to, or monitoring the behavior of, individuals in the EU (data subjects).
Here at Adobe, we can help you better understand GDPR and comply with your obligations as a data controller. This includes information on product and process updates we’ve made, our GDPR Care Package and GDPR Common Terms, as well as links to updated documentation. However, we encourage you to consult with your legal counsel to determine what impact GDPR may have on your business.
Although becoming GDPR-ready may require some adjustments, we see it as an opportunity to strengthen brand loyalty by focusing on experiential privacy — an investment opportunity for experience businesses. Over the last year, we’ve met with many of our customers to understand your needs — and we’ve enhanced our products, services, documentation, and agreements to satisfy those needs. Below you’ll find information and resources to help you on your journey to GDPR readiness.
Adobe Experience Cloud updates
- We’ve developed a GDPR API to help you manage (access and delete) the personal data of your data subjects.
- Our GDPR User Interface (UI) allows you to execute GDPR requests using a visual interface. This UI is best suited for one-off requests, whereas the API is best suited for handling large amounts of requests at a time.
Adobe Analytics customers need to have a data retention policy to process GDPR requests using the Adobe GDPR API. To set up your data retention policy, contact your Customer Success Manager and review the Data Retention FAQs. Additionally, Adobe Analytics released a data governance tool that allows you to apply data controls and classifications across your Analytics data.
The new data governance tool can help you:
- Identify and determine what data will be returned as part of an access request.
- Identify data fields that must be deleted as part of a delete request.
For more information, go to the Adobe Analytics and GDPR help page.
Adobe Audience Manager
- Familiarize yourself with the Privacy by Design features mentioned herein.
- For answers to common questions, visit the GDPR FAQ.
Adobe Campaign Standard simplifies your work by helping you automate access and delete requests, and handling data in both out-of-the-box and custom tables linked to individuals. Identifying individuals can be done on any profile field through the use of provided or custom namespaces.
- Create namespaces for identifying profiles based on custom data fields.
- Enable manual validation on delete requests to build confidence in how requests are handled before enabling full automation.
Adobe Advertising Cloud
As part of Adobe Advertising Cloud’s GDPR readiness, we’ve integrated the Adobe Experience Cloud GDPR API to assist you in fulfilling data access requests and delete requests.
- Advertising campaigns and their associated reporting that target individuals in the EU may be impacted.
- Adobe Advertising Cloud is participating in and helping to shape leading industry-adopted consent signals and standards that facilitate GDPR readiness for ad personalization and targeting in the EU.
- Adobe is available to work with you to implement EU campaign targeting strategies.
To discuss campaign-targeting strategies, contact your Adobe Advertising Cloud Account Manager.
Experience Manager Livefyre
Our GDPR features for Adobe’s platform for sourcing and publishing user-generated content are now available — no integrations or configurations are needed to access them.
- Livefyre customers can submit four types of requests on behalf of their users:
- Access: Collect all available data associated with an account, except for sensitive details like passwords
- Delete: Delete or obfuscate all data associated with an account.
- Opt-out: Opt a user out of data collection based on user ID or other user name.
- Opt-in: Re-enable Livefyre to passively collect data or content through streams or social search from a social account that had previously opted out.
For more information, read our Livefyre and GDPR FAQs.
Integrations with consent management
- To help you obtain consents from your consumers, we have three prebuilt integrations with these consent management solutions: Evidon, OneTrust, and TrustArc. These integrations are available within Launch by Adobe, our next-generation tag management system.
Retention period settings
- GDPR and best privacy practices require that companies keep data only as long as necessary to perform a service. To help our customers meet those requirements, our products and services provide default data retention periods. Depending on the product or service you may have, the option to request longer or shorter data retention periods based on your company’s specific needs may be available. Once the data retention period has been reached, we’ll delete the data. To learn how to update or change the data retention period for your data, please contact your Customer Success Manager.
- We’re updating our Data Processing Agreement (DPA) to better align with the GDPR and clarify certain terms. The DPA supplements your current license agreement with Adobe for use with Adobe’s products and services. If you have an existing DPA in place with Adobe, you can request a copy of the updated terms from your Customer Success Manager. If you don’t have a DPA with Adobe and would like to request one, please visit the Adobe Privacy Center.
A strong foundation
All of the enhancements mentioned above are built on a strong foundation of security controls and privacy by design, which include:
- Certifications to comply with industry-accepted standards and regulations.
- Implementation of technical and organizational measures.
- Hundreds of security processes and controls.
- The Common Controls Framework by Adobe.
Built upon this foundation, we also offer the following types of privacy-enhancing tools, where appropriate:
- IP obfuscation.
- Role-based access.
- Data labeling.
- Various privacy-related APIs and UIs.