Adobe Advertising Cloud and General Data Protection Regulation (GDPR)

Marketing campaign management

Adobe Advertising Cloud as a Data Processor

GDPR goes into effect on May 25, 2018, with the primary objective of giving individuals residing in the EU (Data Subjects) more control of their personal data. GDPR applies to all organizations collecting and processing the personal data of Data Subjects, regardless of the company’s location. Data Controllers will be required to provide Data Subjects with the ability to access, correct, and delete their personal data being collected.
Data Subject
 
Data Subject
Identified or identifiable person in the EU (e.g., consumer, website visitor).
Data Controller
 
Data Controller
Party that determines the purposes and means of collecting and processing personal data on the Data Subject (e.g., brand, advertiser, publisher).
Data Processor
 
Data Processor
Party that processes personal data on behalf of a Data Controller (e.g., DSP, SSP, DMP).
Adobe already meets or is implementing our obligations as a Data Processor. As a Data Processor, we are working toward a single unified service for all Adobe Experience Cloud solutions.

GDPR Workflow with Adobe Advertising Cloud

Data Controllers (advertisers) will be required to provide Data Subjects (consumers/viewers) with the ability to access, correct and delete their personal data being collected.

 

Data Subject sees an ad from a data controller.
Data Subject sees an ad from a Data Controller.
Data Subject goes to advertiser’s site to request access to data collected.
Data Subject goes to advertiser’s site to request access to data collected.
Upon receiving a request from a Data Controller, Adobe Experience Cloud compiles data from Advertising Cloud, and Advertising Cloud takes action on correction and delete requests if required.
Upon receiving a request from a Data Controller, Adobe Experience Cloud compiles data from Advertising Cloud, and Advertising Cloud takes action on correction and delete requests if required.
 
Adobe Experience Cloud makes all personal data on Data Subject available to Data Controller to compile with data from other partners.
Adobe Experience Cloud makes all personal data on Data Subject available to Data Controller to compile with data from other partners.
 

Tips for Data Controllers

 
  • Take inventory of your digital properties, including mobile apps and websites, to assess which cookies, tags, or other data are necessary to your business.
  • Map your customer journey and tell your privacy story through meaningful notices and choices.
  • Develop a consent management strategy with an eye towards customer experience.
  • Determine ways to authenticate user identity to address data subject access requests.
  • Identify or capitalize on existing processes to help respond to data subject access requests.
 
To consolidate GPDR requests across your Adobe Experience Cloud solutions using our GDPR API, we recommend discussing the following steps with your internal teams:
 
  • Integrate with Adobe’s GDPR API.
  • Identify and label any personal data that is in your solutions.
  • Consider deploying Adobe’s AdobePrivacy.js, a lightweight JavaScript library to help collect IDs of visitors for all Adobe Experience Cloud solutions, on your privacy portal, if you have one.
  • Consider updating to the latest version of the Adobe Mobile SDK.
  •  Consider automation. Link the form submission from your privacy portal, directly to Adobe’s GDPR API. 
    • Include User ID, which can be found in on-boarding documentation
    • Include your Org ID, which can be found in on-boarding documentation
    • Refer to our technical specifications for coding against API 

Adobe and GDPR.

See how we’re helping brands get GDPR-ready across our solutions.
 
Experience Business
Adobe Analytics
Adobe Campaign
Adobe Audience Manager