Adobe Document Cloud and General Data Protection Regulation (GDPR)
What is GDPR and how does it affect your business’s use of Document Cloud?
The General Data Protection Regulation (GDPR) is the European Union’s new privacy law that harmonizes and modernizes data protection requirements across the EU. While there are many new or enhanced requirements compared to previous EU privacy laws, the core underlying principles remain the same. The new rules have a broad definition of personal data and a wide reach, affecting any company that markets products and services to individuals in the EU. As your trusted Data Processor, we’re committed to helping you on your GDPR compliance journey.
GDPR readiness: A shared responsibility.
GDPR is a shared compliance journey, with the regulation setting out the obligations for the various parties. For Document Cloud users, the example below sets out the roles for enterprises and institutions (Data Controllers) technology providers (Data Processors) and the places where the Data Processor may need to help or partner with the Data Controller either through tools, processes, or documentation to help the Data Controller.
A strong foundation of security and privacy compliance.
We’ve implemented a set of certified security processes and controls called the Adobe Common Controls Framework to help protect the data entrusted to us. This framework helps us comply with several security and privacy certifications, standards, and regulations, including SOC 2, ISO 27001, and the EU-U.S. Privacy Shield.
Privacy by design
Adobe has a long-standing practice of incorporating proactive product development efforts, which means we think about privacy at the outset when it comes to our software lifecycle. This is also known as “privacy by design.”
We’ve certified to the EU-U.S. and Swiss-U.S. Privacy Shield frameworks for customer-related data. This provides our customers with the option of relying on these frameworks or entering into Standard Contractual Clauses (also known as EU Model Clauses) for the transfer of data from the EU to the U.S. You can find more information on this in our Privacy Center, along with information on how to request Standard Contractual Clauses.
We’ve updated Adobe’s Data Processing Agreement to account for GDPR requirements.
Records of processing
We’re working to more formally document the privacy practices we have in place to comply with the enhanced record keeping requirements.
Data protection team
We currently have a chief privacy officer, an Irish data protection officer, and a dedicated privacy team, and will continue to evaluate whether we need to take any additional steps in light of the new requirements.
Product and process innovation
We are constantly listening to our customers and looking for ways to simplify and further automate our product and service offerings to better support their GDPR needs.