Data Governance and GDPR in Adobe Analytics

This video will walk you through Data Governance and how data labeling fits into GDPR readiness. It provides a hands-on example of data labeling using Data Governance.


The new data governance feature for Adobe Analytics plays a key part in supporting GDPR access and delete requests. Visitors to your website are called data subjects according to the GDPR law. They will be making GDPR requests to your brand. The requests that are made to Adobe’s central service API or user interface, branch out across each experience cloud product that you are subscribed to within the experience cloud organization that you have defined. Once the request has been processed, Adobe will return a response to you.

If it’s an access request, you’ll find a file with the data for that data subject. If it’s a delete request, you will receive confirmation that the data has been deleted. Then, you can format this data how you please and return it to your data subject. The way the new data governance feature fits into all this, is that for Adobe Analytics, it defines the settings of how you want your data to be processed. We can find data governance here in the admin menu. At the bottom, it’s called data governance. The example given in this video is not a recommendation of the label settings that should be defined for your custom data. Consult with your legal privacy representatives as you go through this process to ensure that your data settings have the appropriate GDPR settings. Before we can begin the labeling process which defines the settings for our data, we first need to map each report suite to an experience cloud organization. That’s what you see here in the middle. This user interface helps you manage that mapping process. In order to manage your report suite mappings, log in through or set up your experience cloud organization. If you do not have an experience cloud organization, you can work with your Adobe customer success manager or get one set up on For each report suite, you can also see your data retention policy. This data retention policy defines how long the data will stay in Adobe’s data centers before it is deleted. If you want your data retention policy changed, please reach out to your Adobe customer success manager. Now, let’s jump into the labeling process so that we can define our desired settings of how we want the GDPR requests to be handled. Here, I can see all of the variables that I have access to in Adobe Analytics. Let’s say that I’m an e-commerce company and I want to use a custom user ID for submitting GDPR requests.

Let’s say I’ve stored it here in my conversion dimensions. Let’s pretend like this variable three is my custom ID for submitting GDPR requests. I select this pencil icon.

This user ID is a big long number. I can’t identify the person with just that number; I’d have to look it up in a database. So, I’m going to select that one as indirectly identifiable. For the sensitivity type, I’m going to put none because it’s not geo-location data. Now, I’m want to let Adobe know that this is going to be an ID for submitting GDPR requests and this is an identifier for a person. Here is where I specify my name space. When you define these custom name spaces, make sure that this string name matches exactly what you’re submitting into the central service API. If the string name of this name space does not match, then it will not find the ID and your requests will not be processed. Now, let’s fast forward and pretend like I labeled all the variables in my report suite that have IDs, and I’ve given them the appropriate identity data labels.

Now, I want to define the delete labels for those IDs. Let’s just go back to our custom user ID.

I go here to the delete labels, and I’m going to select delete person for this variable because if it’s a shared device, let’s say at a library, I may not want anyone who walks into the library to be able to submit GDPR requests that affects this persons ID. Now that I’ve selected the delete label, let’s move on to the access labels.

For the same reason of having other people being to access the data, I’m going to select this one as an access person label. Now that I have told Adobe which IDs I’m using for submitting GDPR requests and I’ve identified the IDs, I’ve applied the delete labels, the access labels, and the sensitivity labels; I have finished my labeling process. And Adobe now knows what settings should be honored as the GDPR requests come through the API, or through the user interface. If I have other report suites that have the same variables and need the same settings applied, I can select the variables settings and click this copy to report suite button and select the report suites for which I want the settings to be copied over. It’s common for variables to not line up from one report suite to another.

After applying the labels, review that the labeling is correct in the destination report suite. These are the settings that will be applied as you submit GDPR requests through the API or the user interface. These settings can be changed at any time. If you decide to change your label settings later, then the new settings will be applied to the downstream GDPR requests that you submit from that point going forward. The purpose of this video is to show how to go through the process of defining my labels and my desired GDPR processing settings. Ultimately, the labels that you choose, and the settings for GDPR, are your responsibility to decide. Collaborate with your privacy and legal representatives as you go through this process.

For more information, please see the documentation.

On this page