This article mainly focuses on GPDR. The configuration and usage of Access and Delete requests are common to both GDPR and CCPA.
While there are many new or enhanced requirements in GDPR, the core underlying principles of the current EU data protection requirements remain the same. Many of the data processor responsibilities in GDPR required of Adobe Campaign are already being met by the product functionality available in Adobe Campaign today. We have taken the GDPR opportunity to add additional functionality to help facilitate your GDPR readiness, where possible. Ultimately, we are here to work with our customers and do our part in helping them, the Data Controllers, achieve GDPR readiness.
Data Subject - In the context of the Adobe Experience Cloud, Data Subjects are Adobe’s customers consumers or end users.
Data Controller - In the context of Adobe Experience Cloud, Data Controllers are Adobe’s customers. They own and control the data they house on their consumers (Data Subjects). The Data Controller will usually appoint the privacy admin or other customer facing point of contact for GDPR requests. That person would be responsible for, among other things, providing the notices and obtaining any needed consents to collect end-user information. They are also responsible for validating who the Data Subject is and getting the right information from the Data Subject to pass it along to various different vendors including Adobe Campaign. Important: It is the responsibility of the Data Controller to confirm the identity of the Data Subject making the request and confirming the data returned to requester is about the Data Subject.
Data Processor - Adobe is considered a Data Processor. We process data based on the instructions and agreements we have with our enterprise customers (Data Controllers).
Consent - Signifies agreement by the Data Subject to the processing of personal data relating to a Data Subject. Consent is the responsibility of the Data Controller.
Access (Right to Access) - Also known as Subject Access Right, Access entitles the Data Subject to have access to, and information about, the personal data that a Data Controller has concerning them.
Delete (Right to be forgotten) - Also known as Data Erasure, entitles the Data Subject to have the Data Controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties cease processing of the data.
Note: Adobe does not provide legal advice. All customers should work with their own legal counsel to ensure they are taking all steps necessary towards GDPR readiness.
Prepare for data access and delete requests
Identify a process to receive/respond to Data Subject requests, including appointing a privacy point of contact.
Review the various customer data stored in Adobe Campaign and determine unique identifiers (there will likely be more than one).
Determine a validation/authentication policy & process for Data Subject identity confirmation.
Make sure that the Data Subject response is easy to understand.
Consider consent
Inventory and update as necessary all touchpoints for data capture for GDPR (e.g.: consider language, mechanism for consent, and consent logs).
Make sure all marketing emails include the unsubscribe links.
Assess global strategy for email marketing to determine geo-specific implementations.
Understand your data
Review all data import and capture sources where data is flowing into Adobe Campaign and document which fields are being used for your marketing efforts.
Remove any unused data attributes from your Adobe Campaign database.
Use data available in Adobe Campaign for the intent it was captured and give your recipients better personalized experiences.
Review and update data access permissions to help ensure users of Adobe Campaign can fully leverage only the data needed to run their campaigns, but not access any data beyond this.
Ensure each user of Adobe Campaign has the appropriate access rights to perform their required his/her tasks, but does not have any other rights to perform additional tasks.
In those instances where consent will be needed for certain marketing activities, consumer consent will need to be active (e.g., no silence as assent or pre-checked boxes), unbundled, and it may not be conditional upon offering the services. There may even be instances where certain consents need to be refreshed to be able to continue using data going forward. Rather than thinking of these enhanced GDPR consent requirements as a risk to the marketable universe, marketers could embrace the new consent requirements as a true indicator of brand engagement and loyalty, as well as customer satisfaction and trust.
Adobe Campaign already provides capabilities to manage consent at more levels than most marketers leverage via customized data fields or through one or more Services. Marketers should check with their legal counsel for guidance on how to proceed, and then take advantage of capabilities already built-in to Adobe Campaign. For example, extending the data model in Adobe Campaign to track not only if people have opted-in, but also the timestamp of the opt-in, and some type of indicator that captures the precise scope of consent.
All data associated to the Data Subject will be deleted including out of the box and custom tables. In technical terms, all data linked to the Data Subject with integrity="own" will be deleted. As the Data Controller, you have the option of customizing this by changing the integrity of links defined in the data schemas (for example, in case you have a business justification to not delete certain data).
Adobe Campaign includes the following capabilities, to help with your GDPR readiness: Right to Access, Right to Delete, Consent management, Data retention and Rights management.
In this section, we will introduce those capabilities and present to you an example of a GDPR use case scenario to help you understand the general flow as well as the different personas involved: Data subject, Data Controller and Data Processor.
Right to Access: allows the Data Subject to receive a copy of his/her personal data captured by Data Controllers, potentially including data stored in Adobe Campaign.
Right to Delete: entitles the Data Subject to have his/her personal data captured by Data Controllers erased, potentially including data stored in Adobe Campaign.
Consent management: allows the Data Subject to agree (or not) to the processing of his personal data.
Data retention: each table in Adobe Campaign is set with a specific retention period thus limiting data storage.
Rights management: Adobe Campaign provides access rights to allow you to manage which user can access different types of data.
In this example, we are considering an airline company as Adobe Campaign customer. This company is the Data Controller and all the consumers of the airline company are Data Subjects. Laura in this particular case is a consumer of the airline company.
Here are the different personas used in this example:
Laura is the Data subject. She’s the recipient who receives messages from the airline company. Laura may be a frequent flyer, but may decide at some point that she doesn’t want any personalized advertising or marketing messages from the airline company. She will ask the airline company (based on their process) to delete her frequent flier number.
Ann is the Data Controller. She receives Laura’s request, retrieves useful IDs requested to identify the Data Subject and submits the request in Adobe Campaign.
Then Adobe is the Data Processor.
Here is the general flow for this use case:
The Data Subject sends a GDPR request to the Data Controller, via email, customer care or a web portal.
The Data Controller pushes the GDPR request to Campaign via the interface or using an API.
Once Campaign receives the information, it takes action on the GDPR request and sends a response or acknowledgement to the Data Controller.
The Data Controller then reviews the information and sends it back to the Data Subject.