DISCLAIMER: This guide is intended to be a guideline and does NOT constitute legal advice. Please seek the advice of your brand’s legal counsel for meeting the requirements in the regions where you operate.
Adobe Acrobat Sign fully supports the General Data Protection Regulation (GDPR) for all users.
Based on the GDPR requirement to obtain user consent prior to storing data on the users device, some users may experience one or more requests to enable cookies:
DISCLAIMER: This guide is intended to be a guideline and does NOT constitute legal advice. Please seek the advice of your brand’s legal counsel for meeting the requirements in the regions where you operate. |
The General Data Protection Regulation (GDPR) is the European Union’s new privacy law that harmonizes and modernizes data protection requirements. While there are many new or enhanced requirements, the core underlying principles remain the same. The new rules have a broad definition of personal data and a wide reach, affecting any company that collects personal information of individuals in the EU. Part of the regulation requires that individuals have the right to understand what personal data has been collected, and to have that data deleted upon request, when appropriate.
For the purpose of this article, the term User refers to a member of a company that sends agreements for Signature. The term Signer refers to an individual that receives and either signs or rejects the agreement. A privacy administrator is an Acrobat Sign account administrator with special controls for removing personal information from the service upon request of a Sender or signer.
User uniqueness is predicated on the email address used to identify the individual. A person that has multiple email addresses could have multiple discrete user IDs in the system. All GDPR controls in Acrobat Sign use email address to find and manage personal information. There is no connection between the unique email addresses and an Administrator will only find data on the email address provided.
Acrobat Sign offers features to help customers comply with GDPR. For more information on how Adobe protects your privacy, visit www.adobe.com/privacy.
Under GDPR, individuals have enhanced rights to request access, correction, and deletion of their personal information.
In terms of the Acrobat Sign toolset, there are three features in place:
Any user can make a request to the Adobe Privacy Center to provide the log of their activities in the Acrobat Sign system that include private information.
That information is returned in the form of a CSV containing:
Applicable only to agreements sent by users under the authority of the Privacy Admin.
When a Signer makes a request to have their information removed from the Acrobat Sign system, the account Privacy Admin can search against the user's email address, and return all the agreements that email address participated in and that were created in the Admin’s account.
If the Privacy Admin determines that the agreement is no longer needed, he can delete it, wholly and irrevocably, from the service.
Recipients that contact Acrobat Sign will be directed to review their Manage tab, and contact the company that originally created the transaction for the purpose of deleting the agreement.
Acrobat Sign, as a data processor of the Customer, will never delete an agreement at the request of a recipient.
Applicable only to users under the authority of the Privacy Admin
When an employee requests their information to be deleted from your systems, this tool completely deletes all the user's Information from the Acrobat Sign servers.
Users must make this request to the account Privacy Admin directly. Only the Privacy Admin has the authority to delete users.
Acrobat Sign support cannot delete users from an account, and if requested to do so, will refer the user to the account admin.
Individual and free accounts
Users that exist as the only person in an account, or who only have a free account, will not be able to delete themselves. In this case, the user will need to contact the Adobe Privacy Center.
The user needs to provide their email address and explicit instruction to delete the user associated with the email address from the Acrobat Sign systems. The Adobe Privacy Center will then take the appropriate steps to ensure the user is deleted.
Having personal information deleted from the Acrobat Sign system requires that the assets of the user be properly resolved. This process varies depending on the type of user/account involved, which can be grouped into four categories:
Signers are unique in that all of their agreements were created by some other user.
The first step in having your content deleted from the Acrobat Sign system is to register your email address and review the content that is associated with your email address.
You can register your email address here
Once your email address is registered:
If there is no content on this page, contact the Adobe Privacy Center and request that your user (email address) be deleted from the Acrobat Sign system.
To have your agreement content deleted, you must contact the original sender of the agreement.
Only the original sending account has the authority to review the agreement and delete it.
Note: The original sending account Privacy Administrator determines when a contract can be deleted.
To determine who the original sender is:
Repeat the above for all agreements listed on the Manage page in the Completed and In Progress categories
Any agreements in the Waiting for you section should be declined:
Once all open agreements are declined and the senders for completed agreements have been contacted, contact the Adobe Privacy Center and request that your user (email address) be deleted from the Acrobat Sign system.
Free and individual service plans have a registered email address, and should be able to log into their account to review the content at-will.
If you have trouble logging in, click the I forgot my password link just under the login fields, and reset your password value.
Once you can log in to the service:
Click the Manage tab at the top of the window.
This page shows all the remaining Acrobat Sign content that has included your email address.
To have agreements sent by other users deleted, you must contact the original sender of the agreement.
Only the original sending account has the authority to review the agreement and delete it.
Note: Contracts that are still in legal effect are not required by GDPR to be deleted. This is determined by the original sending account Privacy Administrator.
To determine who the original sender is:
Repeat the above for all agreements listed on the Manage page in the Completed and In Progress categories
Once all Signed agreements are deleted, contact the Adobe Privacy Center and request that your user (email address) be deleted from the Acrobat Sign system.
Users that are under the authority of an Account/Privacy Admin only need to contact their Admin and request to be deleted from the system.
The Privacy Admin has the authority to review your content/ user, and delete all appropriate content.
Deleting a user from the Acrobat Sign server requires that you first have system authority over that userID. If the user is not in your account, you do not have any authority to delete them.
To determine if the user is under your authority:
Navigate to the User interface: Account > User
Click the Options icon (three lines on the far right)
Select Show All Users
Search for the email address of the user
If the email address is not found within the account, No users available using current filter displays on the screen.
If the user exists, you will have only one record (because email addresses are unique).
Verify the email address is correct, and that you are about to delete the correct userID.
Once the userID is deleted, it is irrevocably gone.
Single click the user record to highlight it. This exposes the action links just above the user record
If the user is in any status other than Inactive, click the Deactivate User link
Click the Delete User Information link
The Delete User challenge opens, indicating the ramifications of what you are about to do.
Deleting a user will:
Just under the dire warnings, there are three options.
Select the option that suits the situation and click Delete User Information (or Cancel if you are having second thoughts):
When the Preserve agreements option is selected:
One last challenge appears:
A success message is delivered, indicating the userID is deleted from the database.
GDPR asserts that users (signers typically) have the right to have all records containing their personal information deleted from systems that no longer have a business need to retain it.
Within the context of Acrobat Sign, this means that the user must contact the company they have signed documents with to evaluate the documents in the system and delete them if appropriate.
A privacy admin must be nominated from the Account admins in the account, granting them the authority to view all agreements and delete them as needed.
The process to comply with GDPR is straightforward, and the decision to delete or retain the agreements rests solely with the privacy admin for the account.
To review and delete a users content:
Log in as a privacy admin for your account
Navigate to Account > Privacy
Type the email address of the requesting party into the top field and press Enter
All agreements that have been created by users in your account, and that include the provided email address, are returned
Single click each record, and then click the Download Agreement link at the top of the agreement list
GDPR does not require that you delete agreements that are still legally in effect.
A challenge is issued to verify that you really want to delete the agreement
A Success message displays, indicating that the deletion is in process.
All /agreements endpoints that have an agreement id path in v6 REST API now return a 404 AGREEMENT_DESTROYED error code if the agreement has been deleted via GDPR tools.
Access to the Privacy page is limited to Privacy Admins.
Only when the user is flagged as a Privacy Admin will they have access.
To enable Privacy admin:
Log in as an Account admin
Navigate to Account > Users
Single click the user you want to promote to privacy admin
Select Edit from the menu above the user list
When the user panel opens:
Any request for action that is not supported by the tools within the user interface, or questions regarding GDPR compliance, must be submitted to the Adobe Privacy Center.
Support and Success agents do not have access to the tools that delete content from the servers.
Sign in to your account