Adobe Advertising Cloud and General Data Protection Regulation (GDPR)

Adobe Advertising Cloud as a Data Processor

The General Data Protection Regulation (GDPR) is the European Union’s new privacy law that harmonizes and modernizes data protection requirements. While there are many new or enhanced requirements, the core underlying principles remain the same. The new rules have a broad definition of personal data and they have a wide reach, affecting any company that markets products and services to individuals in the EU. As your trusted data processor, we’re committed to compliance and to helping you on your GDPR compliance journey.

Data Subject

Data Subject

Identified or identifiable person in the EU (e.g., consumer, website visitor).

Data Controller

Data Controller

Party that determines the purposes and means of collecting and processing personal data on the Data Subject (e.g., brand, advertiser, publisher).

Data Processor

Data Processor

Party that processes personal data on behalf of a Data Controller (e.g., DSP, SSP, DMP).

Adobe already meets or is implementing our obligations as a Data Processor. As a Data Processor, we are working toward a single unified service for all Adobe Experience Cloud solutions.

#f5f5f5

GDPR Workflow with Adobe Advertising Cloud

Data Controllers (advertisers) will be required to provide Data Subjects (consumers/viewers) with the ability to access, correct and delete their personal data being collected.

Data Subject sees an ad from a Data Controller.

Data Subject sees an ad from a Data Controller.

Data Subject goes to advertiser’s site to request access to data collected.

Data Subject goes to advertiser’s site to request access to data collected.

Advertising Cloud takes action.

Upon receiving a request from a Data Controller, Adobe Experience Cloud compiles data from Advertising Cloud, and Advertising Cloud takes action on correction and delete requests if required.

dobe Experience Cloud makes all personal data on Data Subject available.

Adobe Experience Cloud makes all personal data on Data Subject available to Data Controller to compile with data from other partners.

Tips for Data Controllers

  • Take inventory of your digital properties, including mobile apps and websites, to assess which cookies, tags, or other data are necessary to your business..
  • Map your customer journey and tell your privacy story through meaningful notices and choices.
  • Develop a consent management strategy with an eye towards customer experience.
  • Determine ways to authenticate user identity to address data subject access requests.
  • Identify or capitalize on existing processes to help respond to data subject access requests.

To consolidate GPDR requests across your Adobe Experience Cloud solutions using our GDPR API, we recommend discussing the following steps with your internal teams:

  • Integrate with Adobe’s GDPR API.
  • Identify and label any personal data that is in your solutions.
  • Consider deploying Adobe’s AdobePrivacy.js, a lightweight JavaScript library to help collect IDs of visitors for all Adobe Experience Cloud solutions, on your privacy portal, if you have one.
  • Consider updating to the latest version of the Adobe Mobile SDK.
  • Consider automation. Link the form submission from your privacy portal, directly to Adobe’s GDPR API.
    • Include User ID, which can be found in on-boarding documentation
    • Include your Org ID, which can be found in on-boarding documentation
    • Refer to our technical specifications for coding against API
#072F60

Adobe and GDPR.

See how we’re helping brands get GDPR-ready across our solutions.

Experience Business

Learn more

Adobe Analytics

Learn more

Adobe Campaign

Learn more

Adobe Audience Manager

Learn more