The General Data Protection Regulation (GDPR) came into full effect on May 25, 2018. As part of Adobe’s GDPR readiness project, we are enhancing our products, services, and processes, as necessary. With compliance being a shared responsibility, we look forward to partnering with you to address any new obligations for data governance and privacy by design features.
When Adobe is providing software and services to an enterprise, Adobe is acting as a data processor for any personal data it processes. As a data processor, Adobe only processes personal data in accordance with your company’s permission and instructions (for example, as set out in your agreement with Adobe).
As the data controller, you will determine the personal data that Adobe processes and stores on your behalf. If you use Adobe Creative Cloud or Adobe Document Cloud hosted services, you may upload content which includes personal data—for example, forms, contracts, photos and artwork containing people. Adobe’s Creative Cloud and Document Cloud hosted services include the storage of this personal data.
If you use our Adobe Experience Cloud solutions, Adobe may host personal data for you depending on the solutions you use and the information you choose to send to your Adobe Experience Cloud account. Detailed examples can be found here.
Practice of incorporating Privacy by Design in the development of our products and services. For example, we provide the capability in Adobe Analytics, Adobe Audience Manager, and Adobe Target to obfuscate IP addresses and allow individual level opt-outs.
Adobe complies with generally recognised and industry-recognised standards, certifications and statutory requirements. Moreover, suitable technical and organisational measures have been taken (TOMs), and hundreds of security processes and control mechanisms implemented (Link).
We have developed the Adobe Common Controls Framework, a foundational framework of security processes and controls to protect Adobe infrastructure, applications and services. More information on Adobe’s Common Controls Framework can be found here.