CAMPAIGN
Strengthen Customer Relationships Through GDPR
Find out how GDPR can help streamline and improve your data collection.
Adobe resources at your fingertips, including guides, articles and tips, to get you up to speed on Europe’s privacy regulation and make the most out of Adobe solutions under GDPR.
Find out how GDPR can help streamline and improve your data collection.
Sage practices to comply with the collection and processing of personal data.
Learn how Privacy by Design features can help.
Find out how Adobe Analytics embraces GDPR.
Understand GDPR and how to comply with your obligations as a data controller.
Get a basic understanding of GDPR, including how to get started.
Take a look at our list of frequently used terminology.
Get help with a Customer Care Support ticket for GDPR.
We suggest these 5 steps to get started with GDPR-readiness.
1. Inventory your digital properties, including mobile apps and websites, to assess which cookies, tags, or other data are necessary.
2. Map your consumer’s journey and tell your privacy story through meaningful notices and choices.
3. Develop a consent management strategy with an eye towards the consumer experience.
4. Determine how you will authenticate user identity to address data subject requests.
5. Identify and capitalize on existing processes to help respond to data subject requests.
Potentially. If you market products or services to individuals in the EU and you collect personal data, then GDPR may impact your business. GDPR is not only applicable to companies based in Europe. GDPR could apply to any company, even those located outside of Europe, if it offers goods and services or markets to individuals in the EU.
As a data processor, Adobe provides software and services to an enterprise, like yours, for the personal data you ask us to process and store. We only process personal data in accordance with your company’s instructions as set out in your agreement with us. If your consumers’ data is in an Adobe solution and you need our assistance with any individual consumer requests, we will partner with you through processes, products, services, and tools to help you respond.
GDPR changes how brands obtain consent and may require some consents to be refreshed or updated. For instance, if a brand’s current consent practices meet or exceed the obligations outlined by GDPR then no changes to consent may be needed. However, if a brand’s consent practices fall short of the enhanced obligations, then those consents should be reevaluated and modernized.
As the data controller, you determine the personal data that Adobe processes and stores on your behalf. If you use Adobe Cloud solutions, we may process personal data for you depending on the products and solutions you use and the information you choose to send to your Adobe account or service. As a data controller, you will provide privacy notices to individuals who engage with your brands detailing how you collect and use information, and obtain consents, if needed. If at some point during the consumer lifecycle those individuals want to know what data you maintain about them or decide they want to discontinue their relationship with you, you will need to have mechanisms in place to respond to those requests.
The consent management space (e.g., tools, standards, best practices) is evolving, and is an area to watch. To minimize impact on user engagement, controllers should work with vendors in this space and with their counsel, and follow emerging EU laws and guidance on consent and cookies. Thinking about “experiential privacy” by using an on-brand, contextually relevant, cookie-notice experience that sets out the value proposition of your data collection activities is a good strategy.
No. GDPR requires that the privacy protections afforded to European data flow with it wherever is transferred or accessed. Visit the Adobe Privacy center to learn more about how Adobe addresses data transfers when you use Adobe Cloud Solutions.
Marketers don’t necessarily need consent for everything and this will depend on the nature of the data collection practices. There is some scope to rely on other bases for processing, like legitimate interest, for certain marketing activities. Companies should work with their counsel to explore the best approach to support their marketing initiatives.
Find out how our latest product updates can help you meet EU privacy obligations.