What is GDPR?

The General Data Protection Regulation (GDPR) is the European Union's privacy law that harmonizes and modernizes data protection requirements. Learn more about how to work toward GDPR-readiness in our video.

GDPR, business

Adobe, GDPR, and your business.

As your trusted data processor, we’re committed to helping you on your GDPR compliance journey. We believe this presents a new opportunity for you to strengthen brand loyalty by focusing on consumer privacy while delivering amazing experiences. Think of it as experiential privacy — making privacy a positive part of the experience, through on-brand privacy notices presented in context, with easy-to-exercise choices about your marketing.

Get started.

There’s no time like the present. Here are 5 steps to get going on your GDPR readiness.

Responsibility graph

GDPR is a shared responsibility.

Meeting the requirements of GDPR doesn’t just fall on the brand or the technology provider. It is a shared compliance journey between both. The example below from Adobe Experience Cloud sets out the roles for brands (“data controllers”) and technology providers (“data processors”) and shows where the processor may need to help or partner with the controller either through tools, processes, or documentation.

Responsibility graph

Individuals’ rights as data subjects.

A data subject is any person whose personal data is being collected, held, or processed. A key part of the European Union’s General Data Protection Regulation is letting individuals choose and control what happens to their personal data. Under the GDPR, individuals can ask companies to access and correct errors in their information, delete personal data, and object to processing their data.

Your role as a data controller. 

As the data controller, you will determine the personal data we process and store on your behalf. If you use Adobe cloud solutions, we may process personal data for you depending on the products and solutions you use and the information you choose to send to your Adobe account or service. As a controller, you will provide privacy notices to individuals who engage with your brands detailing how you collect and use information, and obtain consents, if needed. If those individuals want to know what data you maintain about them or decide they want to discontinue their relationship with you, you will respond to those requests.

Our role as a data processor.

When we provide software and services to an enterprise, we’re acting as a data processor for the personal data you ask us to process and store as part of providing the services to you. As a data processor, we will process personal data only in accordance with your company’s permission and instructions — for example, as set out in your agreement with us. Where your data is in one of Adobe’s cloud solutions and you need our assistance with any individual consumer requests, we will partner with you through processes, products, services, and tools to help you respond.  

Take the long view on privacy.

We’re building products today with tomorrow’s privacy in mind. GDPR-inspired privacy regulations are cascading into other regions and countries. By complying with GDPR, you will be well positioned for the future and to any marketplace you want to take your brand.

For more resources, check out our GDPR Learning Center