Campaign Classic - General Data Protection Regulation

This document will introduce you to what Adobe Campaign Classic provides to help you with your GDPR compliance when using our service.

What is GDPR?

GDPR is the European Union’s (EU) new privacy law that harmonizes and modernizes data protection requirements. It goes into effect on May 25, 2018. GDPR applies to Adobe Campaign customers who hold data for Data Subjects residing in the EU.

In addition to the privacy capabilities already available in Adobe Campaign (including consent management, data retention settings, and rights management), we are taking this opportunity in our role as Data Processor to include additional capabilities, to help facilitate your readiness as Data Controller for certain GDPR requests.

This document presents all the tools and functionalities that Adobe Campaign provides, as well as best practices, to help you with your GDPR compliance when using our service.

Installation procedures described in this document are applicable to Campaign Classic 18.4 (build 8931+). If you are running on a previous version, refer to this technote.

GDPR Personas and Flow

Adobe Campaign Classic includes the following capabilities, to help with your GDPR readiness: Right to Access, Right to Delete, Consent management, Data retention and Rights management.

In this section, we will introduce those capabilities and present to you an example of a GDPR use case scenario to help you understand the general flow as well as the different personas involved: Data subject, Data Controller and Data Processor.

Right to Access and Right to be Forgotten

In order to help you facilitate your GDPR readiness, Adobe Campaign now allows you to handle Access and Delete requests.

The Right to Access is the right for the Data Subject to obtain from the Data Controller confirmation as to whether or not personal data concerning them is being processed, where and for what purpose. The controller shall provide a copy of the personal data, free of charge, in an electronic format.

Also known as Data Erasure, the Right to be Forgotten (delete request) entitles the Data Subject to have the Data Controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data.

Let's see how you can create Access and Delete requests and how Adobe Campaign processes them.

Consent, Retention and Roles

In addition to the new Right to Access and Right to be Forgotten capabilities, Adobe Campaign offers other important features that are essential to GDPR:

  • Consent management: subscription functionality for preference management
  • Data retention: data retention periods on all standard log tables; additional retention periods can be set up with workflows
  • Rights management: data access managed by named rights

Copyright © Adobe 2018

What is GDPR?

Here are a few links on general information on GDPR:

Will Adobe Campaign be GDPR ready?

While there are many new or enhanced requirements in GDPR, the core underlying principles of the current EU data protection requirements remain the same. Many of the data processor responsibilities in GDPR required of Adobe Campaign are already being met by the product functionality available in Adobe Campaign today. We are taking this opportunity to add additional functionality to help facilitate your GDPR readiness, where possible. Ultimately, we are here to work with our customers and do our part in helping them, the Data Controllers, achieve GDPR readiness.

What are key terms related to GDPR?

  • Data Subject - In the context of the Adobe Experience Cloud, Data Subjects are Adobe’s customers' consumers or end users.

  • Data Controller - In the context of Adobe Experience Cloud, Data Controllers are Adobe’s customers. They own and control the data they house on their consumers (Data Subjects). The Data Controller will usually appoint the privacy admin or other customer-facing point of contact for GDPR requests. That person would be responsible for, among other things, providing the notices and obtaining any needed consents to collect end-user information. They are also responsible for validating who the Data Subject is and getting the right information from the Data Subject to pass it along to the various vendors, including Adobe Campaign. Important: It is the responsibility of the Data Controller to confirm the identity of the Data Subject making the request and to confirm that the data returned to the requester is about the Data Subject.

  • Data Processor - Adobe is considered a Data Processor. We process data based on the instructions and agreements we have with our enterprise customers (Data Controllers).

  • Consent - Signifies agreement by the Data Subject to the processing of personal data relating to a Data Subject. Consent is the responsibility of the Data Controller.

  • Access (Right to Access) - Also known as Subject Access Right, Access entitles the Data Subject to have access to, and information about, the personal data that a Data Controller has concerning them.

  • Delete (Right to be forgotten) - Also known as Data Erasure, entitles the Data Subject to have the Data Controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties cease processing of the data.

What is Adobe Campaign's suggestion for customers?

Note: Adobe does not provide legal advice. All customers should work with their own legal counsel to ensure they are taking all steps necessary towards GDPR readiness.

Prepare for data access and delete requests

  • Identify a process to receive/respond to Data Subject requests, including appointing a privacy point of contact.

  • Review the various customer data stored in Adobe Campaign and determine unique identifiers (there will likely be more than one).

  • Determine a validation/authentication policy & process for Data Subject identity confirmation.

  • Make sure that the Data Subject response is easy to understand.

Consider consent

  • Inventory and update as necessary all touchpoints for data capture for GDPR (e.g.: consider language, mechanism for consent, and consent logs).

  • Make sure all marketing emails include the unsubscribe links.

  • Assess global strategy for email marketing to determine geo-specific implementations.

Understand your data

  • Review all data import and capture sources where data is flowing into Adobe Campaign and document which fields are being used for your marketing efforts.

  • Remove any unused data attributes from your Adobe Campaign database.

  • Use data available in Adobe Campaign for the intent it was captured and give your recipients better personalized experiences.

  • Review and update data access permissions to help ensure users of Adobe Campaign can fully leverage only the data needed to run their campaigns, but not access any data beyond this.

  • Ensure each user of Adobe Campaign has the appropriate access rights to perform his/her required tasks, but does not have any other rights to perform additional tasks.

How could Data Controllers obtain consent with minimal impact on user engagement?

In those instances where consent will be needed for certain marketing activities, consumer consent will need to be active (e.g., no silence as assent or pre-checked boxes), unbundled, and it may not be conditional upon offering the services. There may even be instances where certain consents need to be refreshed to be able to continue using data going forward. Rather than thinking of these enhanced GDPR consent requirements as a risk to the marketable universe, marketers could embrace the new consent requirements as a true indicator of brand engagement and loyalty, as well as customer satisfaction and trust.

How could Data Controllers manage consent in Adobe Campaign going forward?

Adobe Campaign already provides capabilities to manage consent at more levels than most marketers leverage via customized data fields or through one or more Services. Marketers should check with their legal counsel for guidance on how to proceed, and then take advantage of capabilities already built-in to Adobe Campaign. For example, extending the data model in Adobe Campaign to track not only if people have opted-in, but also the timestamp of the opt-in, and some type of indicator that captures the precise scope of consent.

What data can Data Controllers delete in Adobe Campaign in response to a request by their consumers (Data Subjects)?

All data associated to the Data Subject will be deleted including out of the box and custom tables. In technical terms, all data linked to the Data Subject with integrity="own" will be deleted. As the Data Controller, you have the option of customizing this by changing the integrity of links defined in the data schemas (for example, in case you have a business justification to not delete certain data).

How are reports affected when delivery and tracking logs are deleted?

Reports in Adobe Campaign are based on indicators computed on aggregated data from delivery and tracking logs. As a result, removing the individual logs should not impact the metrics displayed on the reports.

Oftentimes, Adobe Campaign is not the system of record; its data is uploaded from an external data source. Do I need to be mindful of possibly re-importing data at a later date?

As the Data Controller you will need to ensure that when you receive a deletion request, you delete all necessary data about the Data Subject from all of your systems.

Can a Data Subject, whose data has been erased from Adobe Campaign, opt-in again later?

It is possible for a Data Subject to opt-in again or to be added as a new recipient after his/her data has been erased from Adobe Campaign. You can use the audit trail which details when the previous deletion was performed and when the new recipient has been created.

Adobe Campaign and GDPR

The main capabilities

Here are five main capabilities offered by Adobe Campaign for GDPR.

  • Right to Access: allows the Data Subject to receive a copy of his/her personal data captured by Data Controllers, potentially including data stored in Adobe Campaign.

  • Right to Delete: entitles the Data Subject to have his/her personal data captured by Data Controllers erased, potentially including data stored in Adobe Campaign.

  • Consent management: allows the Data Subject to agree (or not) to the processing of his/her personal data.

  • Data retention: each table in Adobe Campaign is set with a specific retention period thus limiting data storage.

  • Rights management: Adobe Campaign provides access rights to allow you to manage which user can access different types of data.

Example of a use case scenario

Here is an example of a high-level GDPR customer experience use case.

In this example, we are considering an airline company as Adobe Campaign customer. This company is the Data Controller and all the consumers of the airline company are Data Subjects. Laura in this particular case is a consumer of the airline company.

Here are the different personas used in this example:

  • Laura is the Data Subject. She’s the recipient who receives messages from the airline company. Laura may be a frequent flyer, but may decide at some point that she doesn’t want any personalized advertising or marketing messages from the airline company. She will ask the airline company (based on their process) to delete her frequent flyer number.

  • Ann is the Data Controller. She receives Laura’s request, retrieves useful IDs requested to identify the Data Subject and submits the request in Adobe Campaign.

  • Then Adobe is the Data Processor.

Here is the general flow for this use case:

  1. The Data Subject sends a GDPR request to the Data Controller, via email, customer care or a web portal.

  2. The Data Controller pushes the GDPR request to Campaign via the interface or using an API.

  3. Once Campaign receives the information, it takes action on the GDPR request and sends a response or acknowledgement to the Data Controller.

  4. The Data Controller then reviews the information and sends it back to the Data Subject.

Right to Access and Right to be Forgotten

Adobe Campaign offers Data Controllers two possibilities for performing GDPR access requests:

  • Via the Adobe Campaign interface: for each GDPR request, the Data Controller creates a new privacy request in Adobe Campaign
  • Via the API: Adobe Campaign provides an API that allows the automatic process of GDPR requests using SOAP.

Pre-requisite

Adobe Campaign offers Data Controllers tools to create and process GDPR requests for data stored in Adobe Campaign. However, it is the Data Controller's responsibility to handle the relationship with the Data Subject (email, customer care or a web portal). It is your responsibility as a Data Controller to confirm the identity of the Data Subject making the request and to confirm that the data returned to the requester is about the Data Subject.

Installing the GDPR package

In order to use this feature, you need to install the General Data Protection Regulation (GDPR) package via the Tools > Advanced > Import package > Adobe Campaign Package menu. For more information on how to install packages, refer to the detailed documentation.

Note: Installation procedures described in this document are applicable to Campaign Classic 18.4 (build 8931+). If you are running on a previous version, refer to this technote

Two new folders, specific to GDPR are created under Administration > Platform:

  • Privacy Requests: this is where you will create your GDPR requests and track their evolution.
  • Namespaces: this is where you will define the field that will be used to identify the Data Subject in the Adobe Campaign database.

In Administration > Production > Technical workflows, three technical workflows run every day to process GDPR requests.

  • Collect privacy requests: this workflow generates the recipient's data stored in Adobe Campaign and makes it available for download in the privacy request's screen.
  • Delete privacy requests data: this workflow deletes the recipient's data stored in Adobe Campaign.
  • Privacy request cleanup: this workflow erases the access request files that are older than 90 days.

In Administration > Access Management > Named rights, the Privacy Data Right named right has been added. This named right is required for Data Controllers in order for them to use privacy tools. This allows them to create new requests, track their evolution, use the API, etc.

Namespaces

Before creating GDPR requests, you need to define the namespace you will use. The namespace is the key that will be used to identify the Data Subject in the Adobe Campaign database. Out-of-the-box, three namespaces are available: email, phone and mobile phone. If you need a different namespace (a recipient custom field, for example), you can create a new one from Administration > Platform > Namespaces.

Creating a GDPR request

Adobe Campaign allows you to create your GDPR requests and track their evolution. To create a new GDPR request, follow these instructions:

  1. Access the Privacy request folder under Administration > Platform > Privacy Requests.

  2. This screen allows you to view all the current GDPR requests, their status and logs. Click New to create a new GDPR request.

  3. Select the Request type (Access or Delete), select a Namespace and enter the Reconciliation value. If you're using email as the namespace, type in the Data Subject's email.

The GDPR technical workflows run once every day and process each new request:

  • Delete request: the recipient's data stored in Adobe Campaign is erased.

  • Access requests: the recipient's data stored in Adobe Campaign is generated and made available as an XML file in the left part of the request screen.

List of tables

When performing a Delete or Access GDPR request, Adobe Campaign searches all the Data Subject's data based on the Reconciliation value in all the tables that have a link to the recipient table (own type).

Here is the list of out-of-the-box tables that are taken into account when performing GDPR requests:

  • Recipients (recipient)
  • Recipient delivery log (broadLogRcp)
  • Recipient tracking log (trackingLogRcp)
  • Archived event delivery log (broadLogEventHisto)
  • Recipient list content (rcpGrpRel)
  • Visitor offer proposition (propositionVisitor)
  • Visitors (visitor)
  • Subscription history (subHisto)
  • Subscriptions (subscription)
  • Recipient offer proposition (propositionRcp)

If you created custom tables that have a link to the recipient table (own type), they will also be taken into account. For example, if you have a transaction table linked to the recipient table and a transaction details table linked to the transaction table, they will be both taken into account.

Warning:

If you perform GDPR batch requests using profile deletion workflows, please take into consideration the following remarks:

  • Profile deletion via workflows does not process child tables.
  • You need to handle the deletion for all the child tables.
  • Adobe recommends that you create an ETL workflow that adds the lines to delete to the GDPR Access table and let the Delete privacy requests data workflow perform the deletion. For performance reasons, we suggest limiting deletion to 200 profiles per day.

The different statuses of a request

Here are the different statuses for GDPR requests:

  • New / Retry pending: in progress, the workflow has not processed the request yet.
  • Processing / Retry in progress: the workflow is processing the request.
  • Delete pending: the workflow has identified all the recipient data to delete.
  • Delete in progress: the workflow is processing the deletion.
  • Delete Confirmation Pending: (Delete request in 2-steps process mode) the workflow has processed the Access request. Manual confirmation is requested to perform the deletion. The button is available for 15 days.
  • Complete: the processing of the request has finished without an error.
  • Error: the workflow has encountered an error. The reason appears in the list of privacy requests in the Request status column. For example, Error data not found means that no recipient data matching the Data Subject's Reconciliation value has been found in the database.

2-steps process

By default, the 2-steps process is activated. When you create a new Delete request using this mode, Adobe Campaign always performs an Access request first. This allows you to check the data before confirming the deletion.

You can change this mode from the privacy request edition screen. Click on Advanced settings.

With the 2-steps mode activated, the status of a new Delete request changes to Confirm Delete Pending. Download the generated XML file from the privacy request screen and check the data. To confirm erasing the data, click on the Confirm delete data button.

JSSP URL

When processing Access requests, Adobe Campaign generates a JSSP that retrieves the recipient's data from the database and exports it into an XML file stored on the local machine. The JSSP URL is defined as below:

                  
"$(serverUrl)+'/nms/gdpr.jssp?id='+@id"
               

where @id is the privacy request ID

This URL is stored in the "File location" (@urlFile) field of the Privacy Requests (gdprRequest) schema.

The information is available in the database for 90 days. Once the request is cleaned up by the technical workflow, the information is removed from the database and the URL becomes obsolete. Please check that the URL is still valid before downloading the data from a web page.

Here is an example of a Data Subject's data file:

Data Controllers can easily create a web application including the corresponding JSSP URL to make the Data Subject's data file available from a web page.

Here is a code snippet you can use as an example in the web application Page activity.

                  
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Language" content="en" />
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" type="text/css" href="/nl/webForms/landingPage.css"/>
<title>Clickthrough</title>
<style type="text/css" media="all">
/* override formulary area */
.formulary { top: 200px; position: absolute; left: 0; }
</style>
</head>
<body style="" class="">
<center>
<div id="wrap">
<div id="header"><img class="nlui-widget" alt="placeholder_header" src="/nms/img/contentModels/placeholder_header.png" unselectable="on" />
<div class="header-title center-title">DOWNLOAD GDPR DATA</div>
<div class="formulary center-formulary"><form>
<div class="button large-button"><a href="[SERVER_URL]/nms/gdpr.jssp?id=13000" data-nl-type="externalLink">CLICK TO DOWNLOAD</a></div>
</form></div>
</div>
<div id="content">
<div class="row">
<div class="info">
<div class="desc">
<div class="title">EFFICIENCY</div>
<div class="desc">Our service is guaranteed to improve your efficiency. Increase performance and use our high-technology service to implement even the most ambitious of projects.</div>
</div>
</div>
</div>
</div>
<div id="footer">
<div style="text-align: center;">
<div style="float: left;"><a href="#">Contact us</a></div>
<div style="float: right;">&copy; Copyrights</div>
<div><a href="#"><img title="facebook" class="nlui-widget" alt="facebook" src="/xtk/img/facebook.png" unselectable="on" /></a> <a href="#"><img title="Twitter" class="nlui-widget" alt="twitter" src="/xtk/img/twitter.png" unselectable="on" /></a> <a href="#"><img title="Google" class="nlui-widget" alt="google_plus" src="/xtk/img/google_plus.png" unselectable="on" /></a> <a href="#"><img title="Linkedin" class="nlui-widget" alt="Linkedin" src="/xtk/img/linkedin.png" unselectable="on" /></a></div>
</div>
</div>
</div>
</center>
</body> </html>
               

Since access to the Data Subject's data file is restricted, anonymous access to the web page must be disabled. Only operators with the Privacy Data Right named right can log on to the page and download the data.

Using the API

Adobe Campaign provides an API which allows you to set up an automatic GDPR request process.

With the API, the general GDPR process is the same as using the interface. The only difference is the creation of the GDPR request. Instead of creating the request in Adobe Campaign, a POST containing the request information is sent to Campaign. For every request, a new entry is added in the Privacy Requests screen. The GDPR technical workflows then process the request, the same way as for a request added using the interface.

If you're using the API to submit GDPR requests, we recommend that you leave the 2-steps process activated for the first Delete requests, in order to test the returned data. When your tests are finished, you can deactivate the 2-steps process so that the Delete request process can run automatically.

The CreateRequestByName JS API is defined as follows.

Attention: the Privacy Data Right named right is required to use the API.

                  
<method library="nms:gdpr.js" name="CreateRequestByName" static="true">
 <help>Create a new GDPR Request using namespace internal name</help>
 <parameters>
 <param name="namespaceName" type="string" desc="Namespace internal name"/>
 <param name="reconciliationValue" type="string" desc="Reconciliation value"/>
 <param name="type" type="long" desc="Reconciliation value"/>
 <param name="confirmDeletePending" type="boolean" desc="Request confirm before deleting data"/>
 <param name="id" type="long" inout="out" desc="ID of newly created request"/>
 </parameters>
 </method>
               

Invoking the API externally

Here is an example of how you can invoke the API externally (authentication via the API and details about the GDPR API specifically). For more information on the GDPR API, consult the JSAPI documentation. You can also consult the Web service calls documentation.

First of all, you need to perform the authentication via the API:

  1. Download the xtk:session WSDL via this url: <server url>/nl/jsp/schemawsdl.jsp?schema=xtk:session
  2. Use the "Logon" method and pass in a username and password as parameters in the request. You will get a response containing a session token. Here is an example using SoapUI.

  3. Use the returned Session Token as the authentication for all subsequent API calls. It expires after 24 hours.

Then you invoke the GDPR API:

  1. Download the WSDL from this URL: <server url>/nl/jsp/schemawsdl.jsp?schema=nms:gdprRequest
  2. Then you can use either CreateRequestByID or CreateRequestByName to create a specific GDPR request. Here is an example using the CreateRequestByName. Notice how we use the session token provided above as authentication. The response is the ID of the created request.

You can then check the tracking of the request. After submitting the request using the GDPR API, you can check its status to see if it's finished or if there are any errors. To do that, use the queryDef method to query the GDPR Request object and get its status. The queryDef method also allows you to download all of the data or confirm the delete.
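The two external calls above, as an added Python example (not Adobe's code): it builds the Logon and CreateRequestByName envelopes with every value XML-escaped and reads the replies. The /nl/jsp/soaprouter.jsp endpoint, the Logon and sessiontoken element names, the pstrSessionToken reply element and the constructed sample reply are assumptions to check against the WSDLs you downloaded.

```python
import urllib.request
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
SOAP_ROUTER = "/nl/jsp/soaprouter.jsp"  # assumption: the instance's SOAP endpoint
ACCESS, DELETE = 1, 2  # request type codes listed in the page's JS example
# Constructed sample reply; the out-parameter name "pId" is a guess.
SAMPLE_CREATE_REPLY = (
    f'<s:Envelope xmlns:s="{SOAP_NS}"><s:Body>'
    '<CreateRequestByNameResponse xmlns="urn:nms:gdprRequest"><pId>13000</pId>'
    "</CreateRequestByNameResponse></s:Body></s:Envelope>"
)


def build_envelope(schema, method, fields):
    """Return (SOAPAction value, envelope). Every value is XML-escaped, so a
    reconciliation value containing markup cannot add or close elements."""
    parts = "".join(
        f"<urn:{name}>{escape(str(value))}</urn:{name}>" for name, value in fields
    )
    envelope = (
        f'<soapenv:Envelope xmlns:soapenv="{SOAP_NS}" xmlns:urn="urn:{schema}">'
        f"<soapenv:Header/><soapenv:Body><urn:{method}>{parts}</urn:{method}>"
        "</soapenv:Body></soapenv:Envelope>"
    )
    return f"{schema}#{method}", envelope


def logon_envelope(login, password):
    """Step 1. Element names are assumed; confirm them in the xtk:session WSDL.
    The envelope carries the password, so keep it out of logs."""
    return build_envelope("xtk:session", "Logon", [
        ("sessiontoken", ""), ("strLogin", login),
        ("strPassword", password), ("elemParameters", ""),
    ])


def create_request_envelope(token, namespace_name, reconciliation_value,
                            request_type, confirm_delete_pending=True):
    """Step 2. Parameters as in the CreateRequestByName definition on the page;
    the leading sessiontoken element is an assumption to check in the WSDL."""
    if request_type not in (ACCESS, DELETE):
        raise ValueError("request_type must be 1 (Access) or 2 (Delete)")
    if not namespace_name or not reconciliation_value:
        raise ValueError("namespace and reconciliation value are required")
    return build_envelope("nms:gdprRequest", "CreateRequestByName", [
        ("sessiontoken", token),
        ("namespaceName", namespace_name),
        ("reconciliationValue", reconciliation_value),
        ("type", request_type),
        ("confirmDeletePending", "true" if confirm_delete_pending else "false"),
    ])


def _response_element(reply_xml):
    """Return the single child of the SOAP Body, raising on a SOAP Fault."""
    body = ET.fromstring(reply_xml).find(f"{{{SOAP_NS}}}Body")
    if body is None or len(body) != 1:
        raise ValueError("unexpected SOAP body")
    if body[0].tag == f"{{{SOAP_NS}}}Fault":
        raise RuntimeError(body[0].findtext("faultstring") or "SOAP fault")
    return body[0]


def parse_session_token(reply_xml):
    for child in _response_element(reply_xml):
        if child.tag.rsplit("}", 1)[-1] == "pstrSessionToken":  # assumed name
            return child.text
    raise ValueError("no session token in the Logon reply")


def parse_created_id(reply_xml):
    """The method has one out parameter (id), so take the only child element."""
    response = _response_element(reply_xml)
    if len(response) != 1:
        raise ValueError("expected exactly one out parameter")
    return int(response[0].text)


def post_soap(server_url, action, envelope, timeout=30):
    """Send one call; refuses plain HTTP because the body holds credentials."""
    if not server_url.lower().startswith("https://"):
        raise ValueError("refusing to send credentials or tokens without TLS")
    request = urllib.request.Request(
        server_url.rstrip("/") + SOAP_ROUTER, data=envelope.encode("utf-8"),
        headers={"Content-Type": "text/xml; charset=utf-8", "SOAPAction": action})
    with urllib.request.urlopen(request, timeout=timeout) as reply:
        return reply.read().decode("utf-8")
```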

Invoking the API from a JS

Here is an example of how you can invoke the API from a JS within Campaign Classic.

                  
loadLibrary("nms:gdpr.js");
/****************************
This code calls an API to create a new Privacy request in the DB.
It requires the 4 parameters below.
Feel free to change the parameter values.
****************************/
// 1. namespace internal name
var namespaceName = "defaultNamespace1";
// 2. reconciliation value for privacy request
var reconciliationValue = "example@adobe.com";
// 3. privacy request type
// GDPR_REQUEST_TYPE_ACCESS = 1;
// GDPR_REQUEST_TYPE_DELETE = 2;
var requestType = GDPR_REQUEST_TYPE_ACCESS;
// 4. confirm deleting data required
// value : true or false
var bConfirmDeletePending = true;
// BEGIN
var requestId = nms.gdprRequest.CreateRequestByName(namespaceName,reconciliationValue, requestType, bConfirmDeletePending);
// User can use a simple queryDef with requestID as a parameter to check request status
               

Consent, retention and roles

Adobe Campaign offers other important features that can be helpful for GDPR readiness.

Consent management

Consent signifies agreement by the Data Subject to the processing of personal data relating to a Data Subject. Obtaining any necessary consent for that processing is the responsibility of the Data Controller. While Adobe Campaign may provide some features to help a customer manage consent related to the service, Adobe is not responsible for consent. Customers should work with their own legal departments to determine their own processes and practices for any necessary consent.

The features to help manage some aspects of consent have been core to Adobe Campaign since the beginning. Through our subscription management process, customers can track which recipients have opted-in to which type of subscriptions whether it be newsletters, daily or weekly promotions, or any other type of marketing program.

Refer to the detailed documentation.

Data retention

Regarding retention, standard log tables in Campaign have pre-set retention periods on them, generally limiting their data storage to 6 months or less.

The following are the default retention values for standard tables. Be aware that the retention configuration is set by Adobe technical administrators during implementation and values may vary for each implementation, based on customer requirements.

  • Consolidated tracking: 1 year

  • Delivery logs: 6 months

  • Tracking logs: 1 year

  • Deleted deliveries: 1 week

  • Import rejects: 6 months

  • Visitor profiles: 1 month

  • Offer propositions: 1 year

  • Events: 1 month

  • Statistics of event processing: 1 year

  • Archived events: 1 year

  • Pipeline events ignored: 1 month

And similar to delete, using standard workflow functionality, it is possible to set up retention periods for any custom table.

Reach out to the Adobe consultants or technical administrators to learn more about retention or if you need to set retention for custom tables.

Rights management

Adobe Campaign provides you the ability to manage the rights assigned to the various Campaign operators via different pre-built or custom named rights. One benefit is this allows you to manage who within your company can access different types of data. For example, you might have different marketers covering different geos and each marketer can only access data from their geo. Similarly, this functionality also allows you to configure different capabilities for each user, such as limiting who can send deliveries, or more relevant for GDPR, who can modify or export data.

Refer to the detailed documentation.