The General Data Protection Regulation (GDPR) is the European Union's privacy law that harmonises and modernises data protection requirements. Learn more about how to work toward GDPR-readiness in our video.
As your trusted data processor, we’re committed to helping you on your GDPR compliance journey. We believe this presents a new opportunity for you to strengthen brand loyalty by focusing on consumer privacy while delivering amazing experiences. Think of it as experiential privacy — making privacy a positive part of the experience, through on-brand privacy notices presented in context, with easy-to-exercise choices about your marketing.
There’s no time like the present. Here are 5 steps to get going on your GDPR readiness.
Inventory your digital properties, including mobile apps and websites, to assess which cookies, tags or other data are necessary and cut out what you don’t need.
Tell your privacy story through meaningful privacy notices, policies and choices at data collection points.
Provide a positive consumer experience by obtaining consent to avoid unwanted surprises and build a stronger relationship.
Determine how you will make some personal data anonymous or pseudonymous with another unique identifier to help minimise compliance obligations and the risk of data and privacy breaches and claims.
Identify or capitalise on existing processes to help respond to individual data access or delete requests.
Meeting the requirements of GDPR doesn’t just fall on the brand or the technology provider. It is a shared compliance journey between both. The example below from Adobe Experience Cloud sets out the roles for brands (“data controllers”) and technology providers (“data processors”) and shows where the processor may need to help or partner with the controller either through tools, processes or documentation.
Individuals’ rights as data subjects.
A data subject is any person whose personal data is being collected, held or processed. A key part of the European Union’s General Data Protection Regulation is letting individuals choose and control what happens to their personal data. Under the GDPR, individuals can ask companies to access and correct errors in their information, delete personal data and object to processing their data.
Your role as a data controller.
As the data controller, you will determine the personal data we process and store on your behalf. If you use Adobe cloud solutions, we may process personal data for you depending on the products and solutions you use and the information you choose to send to your Adobe account or service. As a controller, you will provide privacy notices to individuals who engage with your brands detailing how you collect and use information and obtain consents, if needed. If those individuals want to know what data you maintain about them or decide they want to discontinue their relationship with you, you will respond to those requests.
Our role as a data processor.
When we provide software and services to an enterprise, we’re acting as a data processor for the personal data you ask us to process and store as part of providing the services to you. As a data processor, we will process personal data only in accordance with your company’s permission and instructions — for example, as set out in your agreement with us. Where your data is in one of Adobe’s cloud solutions and you need our assistance with any individual consumer requests, we will partner with you through processes, products, services and tools to help you to respond.
We’re building products today with tomorrow’s privacy in mind. GDPR-inspired privacy regulations are cascading into other regions and countries. By complying with GDPR, you will be well positioned for the future and to any marketplace you want to take your brand.