- Review the various IDs (including mobile IDs) your marketing teams use to identify users in Audience Manager along with the data sources in which they are stored. This will streamline the process for requests (like delete or access requests), since certain data types will be hashed by your teams prior to ingestion in Audience Manager.
- Determine a validation and authentication policy and process for Data Subject identity confirmation. This will be an important part of making sure you properly return data in response to the Data Subject.
- Consider using Data Export Controls to block audience activation to technologies that house personal data. For example, segments with third-party data should not be syndicated to email service providers. Set a Data Export Control to help ensure that no one in your organisation can accidentally activate this data.
- Begin utilising Role-Based Access Controls to help ensure the right teams have access to intended data.
- Review identity linkage, privacy policies and legal requirements to see when and where it is appropriate to tie identity sets together. Use these appropriately via Audience Manager’s Profile Merge Rules.
Adobe Audience Manager and General Data Protection Regulation (GDPR)
Understand Your Data
In addition to the other steps in place that we’re taking in our role as a data processor and as part of Adobe Experience Cloud, here are a few Audience Manager specifics.
Privacy by Design Heritage:
Privacy by design has been and continues to be a foundational pillar of Audience Manager’s product development process. With the new GDPR requirements, customers need tools to appropriately manage data and the associated restrictions.
With features such as Data Export Controls (industry first, patent pending) and Role-Based Access Controls, marketers can manage access to and activation of audience data directly within Audience Manager.
Managing Your Data
Audience Manager customers have full control over how and what data is ingested into the DMP. Per Adobe policy, data that would allow Adobe to directly identify an individual (such as, but not limited to, email addresses, first and last names and phone numbers) is not permitted in Audience Manager. For data types that could fit into this category, customers are required to convert the data into hashed IDs prior to ingesting it into Audience Manager for segmentation and activation.
With GDPR in mind, we recommend working with your Adobe Consulting team member to understand which data sources and associated data types fit best for your required use cases. Adobe offers various tools and privacy-enhancing technologies to support your needs (e.g., hashing, obfuscation).
Additional Areas of Consideration
Data Governance: Start thinking about how your consumer data is managed.
Organisational Readiness: Establish a business process.
- Identify a process to receive and respond to Data Subject requests. Consider building an automated tool to submit requests.
- Appoint a privacy point of contact within your DMP centre of excellence. Connect your organisation’s privacy point of contact with your Audience Manager product usage team to understand how you might manage your input ID requirements.
- Conduct a data review prior to providing the Data Subject access to their data. Document the steps you put in place to help you to establish an audit trail for records of process requirements.