Adobe Experience Manager Readiness for Data Protection and Data Privacy Regulations
WARNING
NOTEAdobe is providing documentation and procedures (with APIs when available), for the customer privacy administrator or AEM administrator to handle data protection and data privacy requests. It can help you become compliant with these regulations. The procedures documented let customers run the regulatory requests manually or by calling into APIs, where available, from an external portal or service.
CAUTIONIntroduction
Instances of Adobe Experience Manager, and the applications that run on them, are owned and operated by Adobe customers.
As a consequence, data protection regulations, such as GDPR, CCPA, and others, are largely the responsibility of the customers.
As a brief introduction, the regulations for data privacy and protection include new rules to be followed by the roles of:
-
Business Entities (CCPA) and/or Data Controllers (GDPR)
-
Service Providers (CCPA) and/or Data Processors (GDPR)
The main provisions in such regulations are:
-
Expanded definition of personal data to include all unique IDs; as in directly and indirectly identifiable data.
-
Strengthened consent requirements.
-
Increased focus on deletion rights (Data Erasure).
-
Opt-Out of Sale of Data.
For Adobe Experience Manager:
-
The instances, and applications that run on them, are owned and operated by the customer.
-
The customer manages the regulatory roles, including Business Entities and Service Provider, Data Controller, and Data Processor, among others.
-
The Adobe Experience Platform Privacy Service is not part of the workflow for AEM, as illustrated in the diagram below.
-
-
AEM includes documentation and procedures for the customer’s privacy administrator and/or AEM administrator to execute the privacy regulation requests; either manually or through APIs, when available.
-
No new service or UI has been added.
- Instead procedures and APIs are documented for use by the customer UIs/portals that handle privacy regulation requests.
-
AEM does not include any out-of-the-box tooling to support the privacy requests workflow.
- Adobe provides documentation and procedures for the customer’s privacy administrator and AEM administrator, letting them manually run requests related to the privacy regulations.
Adobe is providing procedures for handling privacy requests related to Access, Delete, and Opt-Out for Adobe Experience Manager. Sometimes, there are APIs available that can be called from a customer developed portal or scripts to help with automation.
The following diagram illustrates what a privacy request workflow might look like (illustrated using Adobe Experience Manager 6.5):
Adobe Experience Manager and Regulatory Readiness
See the sections below for regulatory documentation for product areas of AEM.
AEM Foundation
See Handling Data Protection and Privacy Requests for the AEM Foundation.
AEM Opting Into Aggregate Usage Statistics Collection
See Aggregated Usage Statistics Collection.
AEM Sites
See AEM Sites - Data Protection and Privacy Readiness.
AEM Commerce
See AEM Commerce - Data Protection and Privacy Readiness.
AEM Mobile
See AEM Mobile - Data Protection and Privacy Readiness.
AEM Integration with Adobe Target & Adobe Analytics
These Adobe Experience Manager integrations are with data protection and privacy (for example, GDPR or CCPA) ready services. No personal data from Adobe Target or Adobe Analytics is stored in AEM in relation to the integrations.
For more information, see the following:
AEM Communities
AEM Communities bestow upon the data subjects right to their data portability, right to access, and right to be forgotten by out-of-the-box APIs. These APIs enable bulk deletion and bulk export of user-generated content, and disabling user accounts identified through their authorizable IDs. However, permanent deletion of user account is realizable through deletion of user node in CRXDE Lite, which addresses the need of easy Opt-out from the system.
Also, AEM Communities offers privacy by design owing to its Bulk Moderation console, which allows privileged members to find and delete the contributions and details of the users. The Members management console enables limiting to the point of banning a contributor. Moreover, it authorizes the data subjects to delete the contributions authored by them.
AEM Forms
AEM Forms include components and workflows that capture, process, and store data to orchestrate business processes and complete digital transactions. Different components use different data stores and allow integration with custom data stores as well. The following documentation explains procedures and guidelines for accessing and handling user data to support data protection and privacy (for example, GDPR or CCPA) workflows for a component.
- Forms Portal
- Correspondence Management
- Integration with Adobe Sign
- Forms-centric workflows on OSGi
- Forms JEE workflows (AEM Forms JEE only)
- Document Security (AEM Forms JEE only)
- User Management (AEM Forms JEE only)
Experience Manager
Rapid Feature Releases with AEM Cloud: Telegraph Media Group’s RDE Strategy
Hear how Telegraph Media Group, the award-winning publisher of The Daily Telegraph, The Sunday Telegraph, The Telegraph Magazine,...
Wed, Mar 19, 3:30 PM PDT (10:30 PM UTC)
The True Cost of a Failed Implementation
A failed implementation isn’t just an inconvenience — it costs real revenue. Poor execution and misaligned tools disrupt pipelines,...
Wed, Mar 19, 2:00 PM PDT (9:00 PM UTC)
Connect with Experience League at Summit!
Get front-row access to top sessions, hands-on activities, and networking—wherever you are!
Learn more