Is your HubSpot environment already GDPR-proof?

3 min read
Apr 29, 2024 12:04:16 PM
In May 2018, all settings were released within HubSpot's Marketing & Sales software to "GDPR-proof" things. Also, the Product Playbook has been launched by HubSpot which gives you text and explanation on the changes within HubSpot regarding the GDPR...


In May 2018, all settings were released withinHubSpot 's Marketing & Sales software to set things up "GDPR-proof". Also theProduct Playbook has been launched by HubSpot which gives you text and explanation about the changes within HubSpot regarding the GDPR. In this blog, I highlight some important things to consider when using HubSpot.

Policy first

"How do we handle the processing and use of personal data of our customers and contacts?" This question may sound like an open door, but it is a very important one. Remember that GDPR compliance - from processing data to protecting it - is an organization-wide responsibility! The organization's policy on GDPR comes first, and after that comes the plan on how to deal with it from the commercial departments (Marketing and Sales). So it is more than just a task of Marketing or Sales.

europe-3220193_1920-610909-editedYou are probably very busy with GDPR. Now the final translation to your technical environment remains to be done. As an official HubSpot Diamond partner, we offer help in making your HubSpot environment GDPR-proof. According to a clear and complete roadmap

GDPR: opportunity or threat?

You can see GDPR as a threat to your commercial activities. However, you can also see it as an opportunity: Inbound and the GDPR go hand in hand! You collect new leads that are genuinely interested in your organization, your products or your services. The inactive contacts in your database, who have no connection (anymore) with your organization - and therefore have very little chance of becoming your customer - slowly but surely disappear from your database. Moreover, you can show on your website and other channels that you feel responsible for other people's privacy.

HubSpot: what to look out for?

HubSpot's Product Playbook explains HubSpot's various features that will help you collect and store data according to GDPR rules. I list the things I think you can at least pay attention to:

  • Turn on the GDPR functionality in HubSpot so that all features around GDPR are shown in the software.
  • Capture website activity with cookies. As you probably already know, from now on people should be notified when their browsing behavior is tracked through cookies. Not only that; they must also give permission for this. HubSpot has several things set up regarding cookies that are in line with GDPR regulations.
  • Collect new contact information via Forms (leads). In Forms where people might leave personal data (think offering a white paper), you will need to ask for permission to a) process that data and b) if applicable, whether you may contact them for other purposes in the future (think newsletter or something similar)
  • There are more ways to collect leads than just Forms: remember that you can also collect data through Conversations (the chat feature) and Meetings (scheduling physical appointments using a link to the calendar). The same rules apply here as with Forms; after all, you are processing personal data!
  • Sending Marketing Emails: if you have received 'consent' to email someone for - for example - a newsletter, there are several settings in the Email environment within HubSpot that smoothly guide you through each new mailing.
  • Communication Preferences Page: there are also some innovations around Subscription Types and the Subscription Page (communication preferences page). Take a look at these as well and check for GDPR compliance.
  • Have data modified or deleted: in each individual Contact Record within HubSpot, you can view data and delete it if desired. Previously, you could choose to archive data, but since the advent of GDPR, it is possible to permanently delete data. It is recommended that you make clear arrangements internally how and where a request to change or delete data can be made.
  • Refer to the privacy policy on your website: the GDPR requires that people are informed about how their data is handled, how data is protected et cetera. So you can bring your privacy and cookie policy up to date and refer to it (for example, from a Form).
  • What do I do with my current database? There are several ways, automated or manual, to modify the 'Lawful Basis' (read: the various 'reasons' for being allowed to process or do something with data) in HubSpot. For example, consider customers who want to send you an invoice because they have a contract with you. They fall under Lawful Basis "Performance of Contract.
  • What about Emails sent from Sales? HubSpot also points you to sequences sent from Sales in the Product Playbook.

I wish you good luck with translating the new legislation to your technical environment. As an officialHubSpot Diamond partner, we can also help you GDPR-proof your HubSpot environment.

Disclaimer: This is not a legal document or advisory document. It provides background information which will help you better understand the AVG/GDPR.


Want to stay updated on all HubSpot changes? Subscribe to our newsletters, follow us on Instagram or join our HubSpot User Days!

Explore HubSpot User Days