Adobe Document Cloud and General Data Protection Regulation (GDPR)

What is GDPR and how does it affect your business’s use of Document Cloud?

The General Data Protection Regulation (GDPR) is the European Union’s new privacy law that harmonizes and modernizes data protection requirements across the EU. While there are many new or enhanced requirements compared to previous EU privacy laws, the core underlying principles remain the same. The new rules have a broad definition of personal data and a wide reach, affecting any company that markets products and services to individuals in the EU. As your trusted Data Processor, we’re committed to helping you on your GDPR compliance journey.

GDPR readiness: A shared responsibility.

GDPR is a shared compliance journey, with the regulation setting out the obligations for the various parties. For Document Cloud users, the example below sets out the roles for enterprises and institutions (Data Controllers) technology providers (Data Processors) and the places where the Data Processor may need to help or partner with the Data Controller either through tools, processes, or documentation to help the Data Controller.
Enterprise controller
Enterprise responsibility

A strong foundation of security and privacy compliance.

We’ve implemented a set of certified security processes and controls called the Adobe Common Controls Framework to help protect the data entrusted to us. This framework helps us comply with several security and privacy certifications, standards, and regulations, including SOC 2, ISO 27001, and the EU-U.S. Privacy Shield.
  • Privacy by design

    Privacy by design

    Adobe has a long-standing practice of incorporating proactive product development efforts, which means we think about privacy at the outset when it comes to our software lifecycle. This is also known as “privacy by design.”
  • Data transfer

    Data transfer

    We’ve certified to the EU-U.S. and Swiss-U.S. Privacy Shield frameworks for customer-related data. This provides our customers with the option of relying on these frameworks or entering into Standard Contractual Clauses (also known as EU Model Clauses) for the transfer of data from the EU to the U.S. You can find more information on this in our Privacy Center, along with information on how to request Standard Contractual Clauses. 
  • Contract terms
    Contract terms
    We’ve updated Adobe’s Data Processing Agreement to account for GDPR requirements.
  • Record of processing

    Records of processing

    We’re working to more formally document the privacy practices we have in place to comply with the enhanced record keeping requirements.
  • Data protection team

    Data protection team

    We currently have a chief privacy officer, an Irish data protection officer, and a dedicated privacy team, and will continue to evaluate whether we need to take any additional steps in light of the new requirements.
  • Product and process Innovation
    Product and process innovation
    We are constantly listening to our customers and looking for ways to simplify and further automate our product and service offerings to better support their GDPR needs.
Adobe online services are available only to users 13 and older and require agreement to additional terms and the Adobe Privacy Policy. Online services are not available in all countries or languages, may require user registration and may be discontinued or modified in whole or in part without notice. Additional fees or subscription charges may apply.