Important updates to help you become GDPR-ready

The Gen­er­al Data Pro­tec­tion Reg­u­la­tion (GDPR), com­ing May 25, is Europe’s revamp of the EU’s data pri­va­cy requirements—with a world­wide impact. The new reg­u­la­tion applies to com­pa­nies locat­ed with­in or out­side the Euro­pean Union (EU) offer­ing goods or ser­vices to, or mon­i­tor­ing the behav­iour of, indi­vid­u­als in the EU (data subjects).

Here at Adobe, we can help you bet­ter under­stand GDPR and com­ply with your oblig­a­tions as a data con­troller. This includes infor­ma­tion on prod­uct and process updates we’ve made, our GDPR Care Pack­age and GDPR Com­mon Terms, as well as links to updat­ed doc­u­men­ta­tion. How­ev­er, we encour­age you to con­sult with your legal coun­sel to deter­mine what impact GDPR may have on your business.

Although becom­ing GDPR-ready may require some adjust­ments, we see it as an oppor­tu­ni­ty to strength­en brand loy­al­ty by focus­ing on expe­ri­en­tial privacy—an invest­ment oppor­tu­ni­ty for expe­ri­ence busi­ness­es. Over the last year, we’ve met with many of our cus­tomers to under­stand your needs—and we’ve enhanced our prod­ucts, ser­vices, doc­u­men­ta­tion, and agree­ments to sat­is­fy those needs.

We recent­ly updat­ed many of our prod­ucts and ser­vices to help you on your jour­ney to GDPR readi­ness. Below you’ll find infor­ma­tion and resources to help you set up a sol­id pri­va­cy framework.

Adobe Expe­ri­ence Cloud updates

• We’ve devel­oped a GDPR API to help you man­age (access and delete) the per­son­al data of your data subjects.
• Our GDPR User Inter­face (UI) allows you to exe­cute GDPR requests using a visu­al inter­face. This UI is best suit­ed for one-off requests, where­as the API is best suit­ed for han­dling large amounts of requests at a time.
• The GDPR ID retrieval tag is an option­al, light­weight JavaScript tag that cap­tures con­sumers’ user IDs for Adobe Expe­ri­ence Cloud prod­ucts. By deploy­ing this tag on form pages where con­sumers sub­mit data access requests or delete requests, you can quick­ly cap­ture con­sumer IDs and send them to the GDPR API to process data access requests or delete requests.

Learn more about our GDPR updates to the Adobe Expe­ri­ence Cloud or vis­it our GDPR tech­ni­cal doc­u­men­ta­tion.

Solu­tion updates

Adobe Ana­lyt­ics

Adobe Ana­lyt­ics cus­tomers need to have a data reten­tion pol­i­cy to process GDPR requests using the Adobe GDPR API. To set up your data reten­tion pol­i­cy, con­tact your Cus­tomer Suc­cess Man­ag­er and review the Data Reten­tion FAQs. Addi­tion­al­ly, Adobe Ana­lyt­ics released a data gov­er­nance tool that allows you to apply data con­trols and clas­si­fi­ca­tions across your Ana­lyt­ics data.

The new data gov­er­nance tool can help you:

• Iden­ti­fy and deter­mine what data will be returned as part of an access request.
• Iden­ti­fy data fields that must be delet­ed as part of a delete request.

For more infor­ma­tion, go to the Adobe Ana­lyt­ics and GDPR help page.

Adobe Audi­ence Manager

With fea­tures such as Time to Live, Data Export Con­trols, and Role-Based Access Con­trols, mar­keters can man­age access to audi­ence data direct­ly with­in Adobe Audi­ence Manager.

Key con­sid­er­a­tions:

• Famil­iarise your­self with the Pri­va­cy by Design fea­tures men­tioned herein.
• For answers to com­mon ques­tions, vis­it the GDPR FAQ.

Learn more about Adobe Audi­ence Man­ag­er and GDPR.

Adobe Cam­paign

Adobe Cam­paign Stan­dard sim­pli­fies your work by help­ing you auto­mate access and delete requests, and han­dling data in both out-of-the-box and cus­tom tables linked to indi­vid­u­als. Iden­ti­fy­ing indi­vid­u­als can be done on any pro­file field through the use of pro­vid­ed or cus­tom namespaces.

Key con­sid­er­a­tions:

• Cre­ate name­spaces for iden­ti­fy­ing pro­files based on cus­tom data fields.
• Enable man­u­al val­i­da­tion on delete requests to build con­fi­dence in how requests are han­dled before enabling full automation.

For more infor­ma­tion, vis­it Adobe Cam­paign and GDPR and Adobe Cam­paign Stan­dard GDPR tech­ni­cal doc­u­men­ta­tion.

Adobe Adver­tis­ing Cloud

As part of Adobe Adver­tis­ing Cloud’s GDPR readi­ness, we’ve inte­grat­ed the Adobe Expe­ri­ence Cloud GDPR API to assist you in ful­fill­ing data access requests and delete requests.

Key con­sid­er­a­tions:

• Adver­tis­ing cam­paigns and their asso­ci­at­ed report­ing that tar­get indi­vid­u­als in the EU may be impacted.
• Adobe Adver­tis­ing Cloud sup­ports lead­ing indus­try-adopt­ed con­sent sig­nals that facil­i­tate GDPR readi­ness for ad per­son­al­iza­tion and tar­get­ing in the EU.
• Adobe is avail­able to work with you to imple­ment EU cam­paign tar­get­ing strategies.

To dis­cuss cam­paign-tar­get­ing strate­gies, con­tact your Adobe Adver­tis­ing Cloud Account Manager.

Experience Manager Livefyre

Our GDPR fea­tures for Adobe’s plat­form for sourc­ing and pub­lish­ing user-gen­er­at­ed con­tent are now avail­able — no inte­gra­tions or con­fig­u­ra­tions are need­ed to access them.

Key con­sid­er­a­tions:

• Live­fyre cus­tomers can sub­mit four types of requests on behalf of their users:
  • Access: Col­lect all avail­able data asso­ci­at­ed with an account, except for sen­si­tive details like passwords
  • Delete: Delete or obfus­cate all data asso­ci­at­ed with an account.
  • Opt-out: Opt a user out of data col­lec­tion based on user ID or oth­er user name.
  • Opt-in: Re-enable Live­fyre to pas­sive­ly col­lect data or con­tent through streams or social search from a social account that had pre­vi­ous­ly opt­ed out.

For more infor­ma­tion, read our Live­fyre and GDPR FAQs

Inte­gra­tions with con­sent management

• To help you obtain con­sents from your con­sumers, we have three pre­built inte­gra­tions with these con­sent man­age­ment solu­tions: Evi­don, OneTrust, and TrustArc. These inte­gra­tions are avail­able with­in Launch by Adobe, our next-gen­er­a­tion tag man­age­ment system.

Reten­tion peri­od settings

• GDPR and best pri­va­cy prac­tices require that com­pa­nies keep data only as long as nec­es­sary to per­form a ser­vice. To help our cus­tomers meet those require­ments, our prod­ucts and ser­vices pro­vide default data reten­tion peri­ods. Depend­ing on the prod­uct or ser­vice you may have, the option to request longer or short­er data reten­tion peri­ods based on your company’s spe­cif­ic needs may be avail­able. Once the data reten­tion peri­od has been reached, we’ll delete the data. To learn how to update or change the data reten­tion peri­od for your data, please con­tact your Cus­tomer Suc­cess Manager.

Con­tract terms

• We’re updat­ing our Data Pro­cess­ing Agree­ment (DPA) to bet­ter align with the GDPR and clar­i­fy cer­tain terms. The DPA sup­ple­ments your cur­rent license agree­ment with Adobe for use with Adobe’s prod­ucts and ser­vices. If you have an exist­ing DPA in place with Adobe, you can request a copy of the updat­ed terms from your Cus­tomer Suc­cess Man­ag­er. If you don’t have a DPA with Adobe and would like to request one, please vis­it the Adobe Pri­va­cy Cen­ter.

A strong foundation

All of the enhance­ments men­tioned above are built on a strong foun­da­tion of secu­ri­ty con­trols and pri­va­cy by design, which include:

• Cer­ti­fi­ca­tions to com­ply with indus­try-accept­ed stan­dards and regulations.
• Imple­men­ta­tion of tech­ni­cal and organ­i­sa­tion­al measures.
• Hun­dreds of secu­ri­ty process­es and con­trols.
• The Com­mon Con­trols Frame­work by Adobe.

Built upon this foun­da­tion, we also offer the fol­low­ing types of pri­va­cy-enhanc­ing tools, where appropriate:

• IP obfus­ca­tion.
• Hash­ing.
• Role-based access.
• Data labelling.
• Var­i­ous pri­va­cy-relat­ed APIs and UIs.

Find out more

For a deep­er dive you can watch the GDPR ses­sion ‘Adobe is GDPR ready, are you?’ at this year’s Adobe EMEA Sum­mit with Thomas Bark­er, Alisa Bergman and Karthik Raman https://blog.adobe.com/media_f2f8972ec26cb4e5e399f3c1464f75d881c1362f.mp4. You can also watch the on-demand webi­nar: Adobe is GDPR ready. Are you?

You can always refer to adobe.com/uk to learn more about our GDPR readi­ness and if you have ques­tions vis­it our Fre­quent­ly Asked Ques­tions or con­tact your Cus­tomer Suc­cess Manager.