Are you a HubSpot user? Or planning to integrate with HubSpot to market your business? Then you should be concerned about how it complies with online data privacy laws, including the GDPR. This article will guide you through the key steps for aligning your use of HubSpot with the GDPR.

What is HubSpot?

HubSpot provides an inbound marketing, sales, and customer relationship management platform that lets you grow your business better. The software provides various tools that help automate and manage your inbound marketing activities, such as building website/landing pages, creating blog posts and scheduling them to auto-publish later, and so forth.

Understand the key aspects of GDPR

What is GDPR? — The General Data Protection Regulation is the most extensive and comprehensive personal data protection law, introduced by the Information Commissioner’s Office (ICO) in the European Union (EU).

Scope of the legislation — Applies to any organization handling the personal data of individuals belonging to the EU member states, regardless of whether your business is physically located in the EU or not.

Enforcement — GDPR went into effect on May 25, 2018.

Cost of non-compliance — The fines/penalties for GDPR violations could be massive. Severe violations may cost up to €20 million or 4% of the organization's annual global turnover of the prior fiscal year.

The approach of HubSpot to GDPR compliance: What you need to know and do!

We are fully committed to providing features in HubSpot that enable easier compliance with the GDPR.  

Source: HubSpot

In its Product Roadmap for GDPR Compliance, HubSpot has detailed the changes it has made and the measures it has taken to make its products and services GDPR-ready. So let's get to know what those changes are and which tasks are left up to you!

1. Legal basis for processing personal data 

What HubSpot did?

HubSpot has added a contact property, Legal basis for processing contact's data, to track the lawful basis for processing personal data (contract, legitimate interest, and/or consent) for your HubSpot contacts.

What you have to do?

To perform most of the GDPR-compliant actions and activities in HubSpot, you must be a Super admin, and most importantly, you must enable the GDPR features in your HubSpot account. To enable GDPR features in your HubSpot account:
Step 1: Sign in to your HubSpot account > Click ⚙️(settings icon) > Select Account defaults from the left sidebar.
Step 2: Using the toggle button, enable the EU General Data Protection Regulation (GDPR) option. 
Step 2.1: Check the Only allow marketing emails to be sent to contacts who have a legal basis to communicate option so that marketing emails go only to contacts with a legal basis to communicate.
Step 3: Click Save to save the settings.

To view the property:

Step 1: Sign in to your HubSpot account > Click ⚙️(settings icon).

Step 2: Select Properties from the left sidebar > Search for and click the property named Legal basis for processing contact’s data.

Viewing Property in HubSpot

To grant a legal basis for processing a specific contact's data:

Step 1: After signing in to your HubSpot account > Click Contacts on the header menu > Choose Contacts from the dropdown.

Step 2: Click the name of the contact to which the legal basis is to be granted > Select About this contact in the left panel > Scroll down to click View all properties.

Step 3: Search for and click the property named Legal basis for processing contact’s data > Select a value for the property and click Save.

Granting legal basis to process a single contact’s data in HubSpot

To grant a legal basis for contacts in bulk:

Step 1: After signing in to your HubSpot account > Click Contacts on the header menu > Choose Contacts from the dropdown.

Step 2: Select all contacts > Click More > Select the Add legal basis for processing contact’s data option.

Granting legal basis for HubSpot contacts in bulk

Step 3: Click the dropdown to select one or more legal bases for processing contact's data > Click Update.

Selecting the legal basis for processing contact’s data in HubSpot

Refer to the HubSpot Knowledge Base for in-depth information on tracking the lawful basis for processing contacts' data.

2. Consent collection and management 

What HubSpot did?

Under GDPR, an organization must obtain explicit, affirmative consent from individuals before collecting their personal data. Therefore, HubSpot created settings to help you collect, track, and manage consent in line with the terms of GDPR.

What you have to do?

The information included in your request for consent must be clear and concise. Also ensure you present the details in plain language, so that your HubSpot contacts can quickly access and easily understand them.

To add notice and consent information to your HubSpot form:

Step 1: Sign in to your HubSpot account > Click Marketing on the header menu > Choose Forms from the dropdown.

Step 2: Click the Create a free form/Create form button to create a new form, or click the name of an existing form if you want to add legitimate interest to it.

Step 3: Choose a form type from Embedded form, Standalone page, Pop-up box, Dropdown banner, Slide in left box, and Slide in right box > Click Next.

Step 4: Select the Form tab > Scroll down to Notice and consent / legitimate Interest (GDPR) in the left panel > Click the dropdown menu.

Step 5: Choose the required option from the following > Click Next.

  • Consent checkbox for communications; form submit as consent to process
  • Consent checkboxes for communications and processing
  • Legitimate interest

Adding notice and consent information to HubSpot forms

Step 5.1: Now, click the pencil icon to change the default communication text, consent to communicate checkbox, process consent text, privacy text, and so forth > Click Next to save this and proceed to the other configurations.

Changing the default notice and consent text in HubSpot

Click here for details on adding notice and consent/legitimate interest to your HubSpot forms.

3. Consent withdrawal 

What HubSpot did?

HubSpot enables users to withdraw their consent from your marketing emails/subscription preferences page whenever they want.

What you have to do?

Your contacts must be able to withdraw their consent at any time. Here’s how you can configure a link to unsubscribe in your marketing emails:

Step 1: Sign in to your HubSpot account > Click your account name > Select Profile & Preferences.

Step 2: Scroll down to the CRM Communication section > Using the toggle button, enable the Include a link to unsubscribe from all emails option.

Step 3: Select an appropriate option from the Choose text for subscribe link section, and you’re done. All the settings and changes that you’ve made will be saved automatically!

Adding an unsubscribe link to marketing emails in HubSpot

4. Use of cookies 

What HubSpot did?

GDPR requires you to inform users and receive their consent to use any cookies except the so-called “strictly necessary” cookies. Hence, HubSpot made provisions to let you configure and customize your cookie policy.

What you have to do?

You must inform users about your use of any type of non-essential cookies (for example, cookies used to collect analytics data, do remarketing or targeted advertising, etc.) through your Privacy Policy page or a separate Cookie Policy page.

By implementing a cookie consent banner, you give users the freedom to accept or reject your use of cookies. This way, you not only ensure your marketing activities comply with the GDPR, but also gain the trust of your contacts.

Make sure you explain all the necessary information about the types of cookies you use, how they are used, their purposes, and the methods to opt in to and opt out of these cookies.

So here’s how you can customize and configure the default Cookie Policy in HubSpot: 

Step 1: Sign in to your HubSpot account > Click ⚙️(settings icon).

Step 2: Select Cookies from the left sidebar > Click the Default policy.

Step 3: Using the toggle button, enable the following options.

  • Use cookies
  • Notify visitors that your site uses cookies
  • Require opt-in

Step 4: Scroll down if you want to customize the following fields:

  • Notification terms text (content shown in your cookie banner).
  • Accept button label
  • Decline button label
  • Disclaimer text (text that needs to be shown if an opt-in is required).

Step 5: Click Apply to save your settings.

Cookie Policy settings in HubSpot

Step 6: Ensure you publish your cookie policy using the toggle as shown below.

Publishing Cookie Policy in HubSpot

Click here for details on customizing cookie tracking settings in HubSpot.

5. Deletion of personal data 

What HubSpot did?

HubSpot introduced a “GDPR Delete” function that allows you to permanently delete all sorts of information about individuals when they raise deletion requests.

What you have to do?

Follow the steps below when your contacts request you to delete their personal information:

Step 1: After signing in to your HubSpot account > Click Contacts on the header menu > Choose Contacts from the dropdown.

Step 2: Click the name of the contact whose personal data needs to be deleted.

Step 3: Click Actions from the left panel > Click the Delete option.

GDPR-compliant data deletion in HubSpot

Step 4: Select the Permanently delete this contact and all its associated content to follow privacy laws and regulations option > Click the Delete contact option to confirm.

Confirming data deletion in HubSpot

6. Accessibility/portability of personal data

What HubSpot did?

Under GDPR, your contacts must have the right to access all the information you store about them. So HubSpot has made provisions to give your contacts access to their personal data and allow them to export their data in a machine-readable format.

What you have to do?

Here are the steps to export HubSpot contacts:

Step 1: After signing in to your HubSpot account > Click Contacts on the header menu > Choose Contacts from the dropdown.

Step 2: Select the required contact > Select the All contacts tab > Click Export view.

Selecting Export view in HubSpot

Step 3: Select the required file format (CSV, XLS, or XLSX) > Click Export. Now, an email with a download link to your export file will be sent to the respective email address (recipient).

Exporting file in HubSpot

Click here to learn more about exporting contacts in HubSpot.

7. Modification of personal data

What HubSpot did?

Your contacts can request you to modify their personal data. HubSpot has enabled your contacts to raise data modification requests from right within their contact records.

What you have to do?

When your contacts require you to edit/modify their data, here’s what you need to do. You can edit the details of your HubSpot contacts either individually or in bulk, according to the requirement.

Step 1: After signing in to your HubSpot account > Click Contacts on the header menu > Choose Contacts from the dropdown.

Step 2: Select all contacts or the required (one or more) contacts individually > Click Edit.

Step 3: Select a Property to update from the dropdown menu > Enter the required Property details > Click Update.

Bulk editing contact information in HubSpot

8. Security measures taken to safeguard personal data

HubSpot has strengthened its security measures to offer additional protection for customers' data by using highly efficient systems for authentication, authorization, and massive-scale auditing.

Check out the GDPR compliance checklist by HubSpot for deeper insights.

Closing thoughts

If you target EU citizens for your inbound marketing and sales using the HubSpot platform, then you must adhere to the requirements of the GDPR legislation. HubSpot has already made every effort to help you comply with the terms of GDPR. So now it's your turn to take the necessary steps for aligning your use of HubSpot with GDPR.

Disclaimer:
This article is intended to be used for informational purposes only and does not constitute any form of legal advice. We recommend you seek a subject matter expert or your own attorney for any legal advice on making your use of HubSpot fully compliant with the GDPR.