Everything you need to know about GDPR and HubSpot
As we step into the new year and start with our resolutions and spring cleaning, there is no better time to revisit and refresh ourselves on best practices around GDPR and data hygiene. If you want your CRM system to be the beating heart of your business, then data accuracy is key. It’s the first step in any successful campaign you might have on the horizon, so we recommend making it a priority this quarter.
The General Data Protection Regulation (GDPR) has transformed how businesses collect, store, and process personal data, emphasising transparency and user rights. If you’re using HubSpot to manage your marketing, sales, or customer service activities, understanding how GDPR applies is essential to ensure compliance and maintain trust with your audience. This blog includes everything you need to know about GDPR and how to implement it effectively in HubSpot.
Marketing vs. Non-Marketing contacts in HubSpot
HubSpot allows you to classify your contacts as either marketing or non-marketing, which affects how you can communicate with them and how they are counted toward your subscription limits.
Marketing contacts
These are individuals you actively engage with through marketing emails, ads, and other promotional activities.
Marketing contacts count toward your HubSpot subscription limits.
Use marketing emails, automated workflows, and personalised campaigns to nurture and convert marketing contacts.
How does someone become a Marketing Contact?
Explicit opt-in: A contact becomes a marketing contact when they explicitly opt-in to receive promotional emails or communications through forms or other methods.
List membership: Adding a contact to a marketing-focused list or workflow in HubSpot can designate them as a marketing contact.
Manual updates: You can manually update a contact's status to marketing within HubSpot based on their engagement history or consent.
Integration data: If your HubSpot account integrates with other tools, contacts marked as marketing in those tools may automatically sync as marketing contacts in HubSpot.
Non-Marketing contacts:
These contacts are stored in your database but are not actively targeted with marketing communications.
Non-marketing contacts do not count toward your marketing contact tier limit.
Communication with non-marketing contacts is limited to one-on-one emails, customer service interactions, or sales outreach.
By categorising your contacts appropriately, you can optimise your marketing efforts while staying within your subscription plan’s limits.
What is GDPR?
The GDPR is a comprehensive data protection law enacted by the European Union (EU) in May 2018. Its primary goal is to safeguard the privacy and personal data of individuals within the EU. Key principles of GDPR include:
Transparency - Businesses must clearly explain how they collect and use personal data.
Consent - Individuals must provide explicit consent for data collection and processing
Access and control - Users have the right to access, modify, or delete their personal data.
Accountability - Organisations must implement robust measures to protect data and demonstrate compliance.
GDPR applies to any organisation that processes the personal data of EU citizens, regardless of the company’s location.
How does HubSpot address GDPR?
HubSpot offers a suite of tools and features to help businesses comply with GDPR regulations. These features enable you to manage data responsibly and provide your audience with the transparency and control they deserve. Here are the key ways HubSpot supports GDPR compliance:
Consent Management
Forms - HubSpot forms include options to capture explicit consent, such as checkboxes for opt-ins.
Email preferences - Users can easily manage their subscription preferences through dedicated pages.
Data management
Data access requests - HubSpot allows you to fulfil requests to access, modify, or delete personal data.
Anonymisation - Deleted contacts are permanently anonymised to protect user privacy.
Cookie tracking - HubSpot provides cookie banners to inform visitors about data collection and obtain their consent.
Activity logging - Comprehensive logging ensures you have a record of consent and data activity for auditing purposes.
Steps to ensure GDPR compliance in HubSpot
To maximise the effectiveness of HubSpot’s GDPR tools, follow these best practices:
Audit your data
Identify what personal data you collect and ensure it aligns with GDPR requirements.
Remove unnecessary data to minimise risk.
Update forms and workflows
Use HubSpot’s GDPR-compliant forms with clear consent options.
Create workflows to manage data access and deletion requests efficiently.
Customise your privacy policy
Ensure your privacy policy is up-to-date and clearly explains your data practices.
Link your privacy policy to forms and email footers.
Train your team
Educate your team about GDPR principles and HubSpot’s compliance tools.
Regularly review processes to maintain compliance.
Monitor and review
Use HubSpot’s reporting tools to monitor data activities and identify potential issues.
Periodically review your compliance measures to adapt to regulatory changes.
While GDPR compliance can sometimes seem complicated, as well as being a legal requirement for any business operating in the EU or dealing with EU citizens, the transparency around it can also help build stronger relationships with customers.
By being clear about who you can legitimately send marketing emails to and creating contact engagement lists, you’ll be able to ensure that those you get in touch with are warm contacts and that your open rate/click rates are likely to improve. In a time when we’re all receiving more marketing emails than ever before, an unwanted email can sometimes do more than good in terms of company reputation and prospect nurturing.
If you’d like a hand getting under the bonnet of your HubSpot CRM system and understanding where you could make improvements and get the most out of your subscription, check out how we could help with a HubSpot Data Audit here.
