This document will introduce you to what Adobe Campaign Standard provides to help you with your GDPR compliance when using our service.
GDPR is the European Union’s (EU) new privacy law that harmonizes and modernizes data protection requirements going into effect on May 25, 2018. GDPR applies to Adobe Campaign customers who hold data for Data Subjects residing in the EU.
In addition to the privacy capabilities already available in Adobe Campaign (including consent management, data retention settings, and user roles), we are taking this opportunity in our role as Data Processor to include additional capabilities, to help facilitate your readiness as Data Controller for certain GDPR requests.
This document presents all the tools and functionalities that Adobe Campaign provides, as well as best practices, to help you with your GDPR compliance when using our service.Read More
Adobe Campaign Standard includes the following capabilities, to help with your GDPR readiness: Right to Access, Right to Delete, Consent management, Data retention and User roles.
In this section, we will introduce those capabilities and present to you an example of a GDPR use case scenario to help you understand the general flow as well as the different personas involved: Data subject, Data Controller and Data Processor.Read More
In order to help you facilitate your GDPR readiness, Adobe Campaign now allows you to handle Access and Delete requests.
The Right to Access is the right for the Data Subject to obtain from the Data Controller confirmation as to whether or not personal data concerning them is being processed, where and for what purpose. The controller shall provide a copy of the personal data, free of charge, in an electronic format.
Also known as Data Erasure, the Right to be Forgotten (delete request) entitles the Data Subject to have the Data Controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data.
Let's see how you can create Access and Delete requests and how Adobe Campaign processes them.Read More
In addition to the new Right to Access and Right to be Forgotten capabilities, Adobe Campaign offers other important features that are essential to GDPR:
Here are a few links on general information on GDPR:
While there are many new or enhanced requirements in GDPR, the core underlying principles of the current EU data protection requirements remain the same. Many of the data processor responsibilities in GDPR required of Adobe Campaign are already being met by the product functionality available in Adobe Campaign today. We are taking this opportunity to add additional functionality to help facilitate your GDPR readiness, where possible. Ultimately, we are here to work with our customers and do our part in helping them, the Data Controllers, achieve GDPR readiness.
Data Subject - In the context of the Adobe Experience Cloud, Data Subjects are Adobe’s customers consumers or end users.
Data Controller - In the context of Adobe Experience Cloud, Data Controllers are Adobe’s customers. They own and control the data they house on their consumers (Data Subjects). The Data Controller will usually appoint the privacy admin or other customer facing point of contact for GDPR requests. That person would be responsible for, among other things, providing the notices and obtaining any needed consents to collect end-user information. They are also responsible for validating who the Data Subject is and getting the right information from the Data Subject to pass it along to various different vendors including Adobe Campaign. Important: It is the responsibility of the Data Controller to confirm the identity of the Data Subject making the request and confirming the data returned to requester is about the Data Subject.
Data Processor - Adobe is considered a Data Processor. We process data based on the instructions and agreements we have with our enterprise customers (Data Controllers).
Consent - Signifies agreement by the Data Subject to the processing of personal data relating to a Data Subject. Consent is the responsibility of the Data Controller.
Access (Right to Access) - Also known as Subject Access Right, Access entitles the Data Subject to have access to, and information about, the personal data that a Data Controller has concerning them.
Delete (Right to be forgotten) - Also known as Data Erasure, entitles the Data Subject to have the Data Controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties cease processing of the data.
Note: Adobe does not provide legal advice. All customers should work with their own legal counsel to ensure they are taking all steps necessary towards GDPR readiness.
Prepare for data access and delete requests
Identify a process to receive/respond to Data Subject requests, including appointing a privacy point of contact.
Review the various customer data stored in Adobe Campaign and determine unique identifiers (there will likely be more than one).
Determine a validation/authentication policy & process for Data Subject identity confirmation.
Make sure that the Data Subject response is easy to understand.
Inventory and update as necessary all touchpoints for data capture for GDPR (e.g.: consider language, mechanism for consent, and consent logs).
Make sure all marketing emails include the unsubscribe links.
Assess global strategy for email marketing to determine geo-specific implementations.
Understand your data
Review all data import and capture sources where data is flowing into Adobe Campaign and document which fields are being used for your marketing efforts.
Remove any unused data attributes from your Adobe Campaign database.
Use data available in Adobe Campaign for the intent it was captured and give your recipients better personalized experiences.
Review and update data access permissions to help ensure users of Adobe Campaign can fully leverage only the data needed to run their campaigns, but not access any data beyond this.
Ensure each user of Adobe Campaign has the appropriate access rights to perform their required his/her tasks, but does not have any other rights to perform additional tasks.
How could Data Controllers obtain consent with minimal impact on user engagement?
In those instances where consent will be needed for certain marketing activities, consumer consent will need to be active (e.g., no silence as assent or pre-checked boxes), unbundled, and it may not be conditional upon offering the services. There may even be instances where certain consents need to be refreshed to be able to continue using data going forward. Rather than thinking of these enhanced GDPR consent requirements as a risk to the marketable universe, marketers could embrace the new consent requirements as a true indicator of brand engagement and loyalty, as well as customer satisfaction and trust.
How could Data Controllers manage consent in Adobe Campaign going forward?
Adobe Campaign already provides capabilities to manage consent at more levels than most marketers leverage via customized data fields or through one or more Services. Marketers should check with their legal counsel for guidance on how to proceed, and then take advantage of capabilities already built-in to Adobe Campaign. For example, extending the data model in Adobe Campaign to track not only if people have opted-in, but also the timestamp of the opt-in, and some type of indicator that captures the precise scope of consent.
What data can Data Controllers delete in Adobe Campaign in response to a consumer request by their consumers (data subjects)?
All data associated to the Data Subject will be deleted including out of the box and custom tables. In technical terms, all data linked to the Data Subject with integrity="own" will be deleted. As the Data Controller, you have the option of customizing this by changing the integrity of links defined in the data schemas (for example, in case you have a business justification to not delete certain data).
How are reports affected when delivery and tracking logs are deleted?
Reports in Adobe Campaign are based on indicators computed on aggregated data from delivery and tracking logs. As a result, removing the individual logs should not impact the metrics displayed on the reports.
Often times, Adobe Campaign is not the system of record, but is uploaded from an external data source. Do I need to be mindful of possibly re-importing data at a later date?
As the Data Controller you will need to ensure that when you receive a deletion request, you delete all necessary data about the Data Subject from all of your systems.
Can a Data Subject, whose data has been erased from Adobe Campaign, opt-in again later?
It is possible for a Data Subject to opt-in again or to be added as a new profile after his/her data has been erased from Adobe Campaign. You can use the audit trail which details when the previous deletion was performed and when the new recipient has been created.
Here are five main capabilities offered by Adobe Campaign for GDPR.
Right to Access: allows the Data Subject to receive a copy of his/her personal data captured by Data Controllers, potentially including data stored in Adobe Campaign.
Right to Delete: entitles the Data Subject to have his/her personal data captured by Data Controllers erased, potentially including data stored in Adobe Campaign.
Consent management: allows the Data Subject to agree (or not) to the processing of his personal data.
Data retention: each table in Adobe Campaign is set with a specific retention period thus limiting data storage.
User roles: Adobe Campaign provides access rights to allow you to manage which user can access different types of data.
Here is an example of a high-level GDPR customer experience use case.
In this example, we are considering an airline company as Adobe Campaign customer. This company is the Data Controller and all the consumers of the airline company are Data Subjects. Laura in this particular case is a consumer of the airline company.
Here are the different personas used in this example:
Laura is the Data subject. She’s the recipient who receives messages from the airline company. Laura may be a frequent flyer, but may decide at some point that she doesn’t want any personalized advertising or marketing messages from the airline company. She will ask the airline company (based on their process) to delete her frequent flier number.
Ann is the Data Controller. She receives Laura’s request, retrieves useful IDs requested to identify the Data Subject and submits the request in Adobe Campaign.
Then Adobe is the Data Processor.
Here is the general flow for this use case:
The Data Subject sends a GDPR request to the Data Controller, via email, customer care or a web portal.
The Data Controller pushes the GDPR request to Campaign via the Privacy Core Service, Campaign's interface or using Campaign's API.
Once Campaign receives the information, it takes action on the GDPR request and sends a response or acknowledgement to the Data Controller.
The Data Controller then reviews the information and sends it back to the Data Subject.
Adobe Campaign offers Data Controllers three possibilities for performing GDPR access requests:
Adobe Campaign offers Data Controllers tools to create and process GDPR requests for data stored in Adobe Campaign. However, it is the Data Controller's responsibility to handle the relationship with the Data Subject (email, customer care or a web portal). It is your responsibility as a Data Controller to confirm the identity of the Data Subject making the request and confirming the data returned to requester is about the Data Subject.
Before creating GDPR requests, you need to define the namespace you will use. The namespace is the key that will be used to identify the Data Subject in the Adobe Campaign database. Out-of-the-box, two namespaces are available: email and mobile phone. If you need a different namespace (a profile custom field, for example), follow these steps.
Note: If you use several namespaces, you will need to create one GDPR request per namespace.
Click the Adobe Campaign logo in the top left corner, then select Administration > Namespaces.
In the list of namespaces, click Create.
Enter a Label.
If you want to use an existing identity service namespace, choose Map from Identity Namespace Service and select a namespace in the Identity Service Namespaces field. If you want to create a new namespace in Identity Service and map it in Campaign, select Create new and enter a name in the Identity namespace name field. To learn more about identity namespaces, refer to this page.
One Identity Service Namespace is mapped to one namespace in Campaign. You need to specify how the namespace will be reconciled in Campaign. Select a target mapping (Recipients, Real-time event or Subscriptions to an application). If you want to use several target mappings, you need to create one namespace per target mapping.
Click Create. You can now create GDPR requests based on your new namespace. If you use several namespaces, you will need to create one GDPR request per namespace.
Privacy Core Service Integration allows you to automate your GDPR requests in a multi-solution context through a single JSON API call. GDPR requests pushed from the Privacy Core Service to all Experience Cloud solutions are automatically handled by Campaign via a dedicated workflow.
Refer to https://adobe.io/apis/cloudplatform/gdpr.html to learn how to create GDPR requests from the Privacy Core Service.
Each GDPR core service job is split into multiple GDPR requests in Campaign based on how many namespaces are being used, one request corresponding to one namespace. Also, one job can be run on multiple instances. Therefore, multiple files are created for one job. For example, if a request has two namespaces and is running on three instances, then a total of six files are sent. One file per namespace and instance.
The pattern for a file name is : <InstanceName>-<NamespaceId>-<ReconciliationKey>.xml
InstanceName: the Campaign instance name
NamespaceId: Identity Service Namespace Id of the namespace used
Reconciliation key: Encoded reconciliation key
Adobe Campaign allows you to create your GDPR requests and track their evolution. To create a new GDPR request, follow these instructions:
Click the Adobe Campaign logo in the top left corner, then select Administration > Privacy tools.
This screen allows you to view all the current GDPR requests and their status. The left panel offers a search by label, status and type. Click Create to create a new GDPR request.
Enter a Label, select the Request type (Access or Delete), select a Namespace and enter the Reconciliation value. If you're using email as the namespace, type in the Data Subject's email.
The GDPR technical workflows run once every day and process each new request:
Delete request: the profile's data stored in Adobe Campaign is erased.
Access requests: the profile's data stored in Adobe Campaign is generated and made available as an XML file in the left panel of the request screen.
When performing a Delete or Access GDPR request, Adobe Campaign searches all the Data Subject's data based on the Reconciliation value in all the resources that have a link to the profiles resource (own type).
Here is the list of out-of-the-box resources that are taken into account when performing GDPR requests:
Profile delivery logs (broadLogRcp)
Profile tracking logs (trackingLogRcp)
Delivery logs (Subscriptions to an application) (broadLogAppSubRcp)
Tracking logs (Subscriptions to an application) (trackingLogAppSubRcp)
Subscriptions to an application (appSubscriptionRcp)
Subscription history of profiles (subHistoRcp)
Profile subscriptions (subscriptionRcp)
If you created custom resources that have a link to the profiles resource (own type), they will also be taken into account. For example, if you have a transaction resource linked to the profiles resource and a transaction details resource linked to the transaction resource, they will be both taken into account.
For this to work, you need to select the Deleting the target record implies deleting records referenced by the link option in the custom resource:
Here are the different statuses for GDPR requests:
By default, the 2-steps process is activated. When you create a new Delete request using this mode, Adobe Campaign always performs an Access request first. This allows you to check the data before confirming the deletion.
To change this mode, click Edit properties, in the top right corner of the Privacy Requests screen.
With the 2-steps mode activated, the status of a new Delete request changes to Delete confirmation pending. Download the generated XML file from the left panel of the request screen and check the data. To confirm erasing the data, click on the Confirm the deletion button.
Adobe Campaign provides an API which allows you to setup an automatic GDPR request process.
With the API, the general GDPR process is the same as using the interface. The only difference is the creation of the GDPR request. Instead of creating the request in Adobe Campaign, a POST containing the request information is sent to Campaign. For every request, a new entry is added in the Privacy tools screen. The GDPR technical workflows then process the request, the same way as for a request added using the interface.
If you're using the API to submit GDPR requests, we recommend that you leave the 2-steps process activated for the first Delete requests, in order to test the returned data. When your tests are finished, you can deactivate the 2-steps process so that the Delete request process can run automatically.
See the API documentation
Adobe Campaign offers other important features that can be helpful for GDPR readiness.
Consent signifies agreement by the Data Subject to the processing of personal data relating to a Data Subject. Obtaining any necessary consent for that processing is the responsibility of the Data Controller. While Adobe Campaign may provide some features to help a customer manage consent related to the service, Adobe is not responsible for consent. Customers should work with their own legal departments to determine their own processes and practices for any necessary consent.
The features to help manage some aspects of consent have been core to Adobe Campaign since the beginning. Through our subscription management process, customers can track which recipients have opted-in to which type of subscriptions whether it be newsletters, daily or weekly promotions, or any other type of marketing program.
Regarding retention, standard log tables in Campaign have pre-set retention periods on them, generally limiting their data storage to 6 months or less.
The following are the default retention values for standard tables. Be aware that the retention configuration is set by Adobe technical administrators during implementation and values may vary for each implementation, based on customer requirements.
Consolidated tracking: 6 months
Delivery logs: 6 months
Tracking logs: 6 months
Events: 1 month
Statistics of event processing: 6 months
Archived events: 6 months
Temporary entities: 7 days
Ignored pipeline events: 1 month
Delivery alerts: 1 month
Export audit: 6 months
And similar to delete, using standard workflow functionality, it is possible to set up retention periods for any custom table.
Reach out to the Adobe consultants or technical administrators to learn more about retention or if you need to set retention for custom tables.
Adobe Campaign provides you the ability to set access rights via different pre-built or custom roles. One benefit is this allows you to manage who within your company can access different types of data. For example, you might have different marketers covering different geos and each marketer can only access data from their geo. Similarly, this functionality also allows you to configure different capabilities for each user, such as limiting who can send deliveries, or more relevant for GDPR, who can modify or export data.
Refer to the detailed documentation.