21 August 2018

HubSpot: Taking Control Of GDPR


This GDPR article was written by  Pamela Vaughan from HubSpot. The Original article can be accessed here.

As you might already know, the GDPR (General Data Protection Regulation) is a new regulation that will toughen organisations’ obligations when dealing with the personal data of citizens from the European Union (EU). And finding out if your company or the software is using is GDPR compliant has recently become a national sport.

Because it will affect all organisations that control or process the data of EU citizens, so even if your company is based outside the EU, the GDPR will apply to you.

This new legal framework will have profound implications on how marketers manage their relationship with prospects and customers.

It will come into effect on May 25, 2018, and penalties for violations will be significant.

In this article, you’ll learn how to use HubSpot’s current set of GDPR-friendly features.

HubSpot can’t help companies be fully compliant — you should seek legal advice if needed — but there are many GDPR-friendly features already available in the HubSpot software.

Stage 1: Data Collection - Landing Pages, Forms And Double Opt-In.

Under GDPR, a contact needs to be informed that their data will be stored and used by a company when they’re submitting it. Consent will need to be “freely given, specific, informed, and unambiguous,” with companies using “clear and plain” legal language that is “clearly distinguishable from other matters.”

Since HubSpot helps you create your own landing pages and forms and add whatever text you wish, you already have the tools you need to inform your prospects on how you plan to use, store, and process their data and of their right to withdraw consent, all of which will help you meet your GDPR consent obligations.

How to track content in forms

Here’s how to enable consent tracking in forms in your HubSpot account:

  • Go to Contacts > Forms.
  • Create a new form or edit one.
  • In the Fields section, click Create new. This will open a lightbox to create a new property that you’ll be able to use as a form field in all your forms.
  • Define a Label for it, and in Field, Type select the Single checkbox.
  • Save the property.
  • On the left list, find the new property you’ve just created and add it to your form either by clicking on it or by dragging it to the position where you want it to be displayed.
  • Click on the asterisk button to make the field required.
  • Click on the pencil to edit the field and modify the label. Remember, it has to be clear and inform the user about what they’re consenting.
  • If you’re using different forms, remember to add and modify this new property in all of them.

How to set up double opt-in

Double opt-in is a procedure that allows visitors who fill out a form to confirm they want to receive communications from you.

The GDPR is silent on whether this form of consent is required. And unless guidance to the contrary is issued by the EU or our supervisory authority, our view is that this is not mandatory under the GDPR.

That said, many businesses will prefer to use ‘double opt-in’ as an additional protective measure, obtaining consent from a specific individual.

Once enabled, the double opt-in feature sends an opt-in request email to all contacts who submit a form for the first time on your website. To start using it in your account, follow these steps:

  • Go to Content > Content Settings
  • In the left menu, click Email > Double Opt-In
  • Under “Opt-in request email,” click Edit email and personalize the message your contacts will receive once they submit their first form on your website.
  • Under confirmation page, click Create new page to open the landing page editor and set up the page where your contacts will be sent when they click the confirm opt-in link in your email.
  • If you want, you can also create a follow-up email to be sent after visitors have confirmed they want to opt-in. To do so, check the Include follow-up email box and then click on Create/Edit Email.
  • Enable it on your site using the radio boxes under the Enable options section. You can decide which pages will trigger the double opt-in feature.
  • Save changes.

Stage 2: Data Storage & Processing - Exporting Contacts & Modifying/ Updating Data

Individuals always had the right to request access to their data. But the GDPR enhances these rights. The timescale for processing an access request will also drop significantly from the current 40 day period.

HubSpot is working on functionality to ensure the service is fully GDPR compliant by the May 2018 deadline. Customers and prospects should follow our GDPR web pages for further updates in this area over the coming months.

That said, the HubSpot software already lets you export data from a person’s contact record from your HubSpot portal in a user-friendly format. It’s as simple as searching for the person’s contact record and then taking the desired action. The whole process takes seconds.

This will assist customers in complying with a contact’s request for a copy of their data. Either to move to another provider or to check what personal data you hold about them in your HubSpot account.

How to export contacts

  • Go to Contacts > Contacts.
  • Search and select a contact.
  • On the left-hand menu, under All Contacts, click Options.
  • Click Export.
  • Select which email address you want the export document to be sent, and in which format.
  • Select if you want the current property columns or all properties included in the export.
  • Click Export.

How to modify/update data

]Under the current legislation, individuals already have the right to ask you to modify or update data you hold on them in your systems (for example if they change email address). This will not change under the GDPR, but as we know, the penalties for breach under the GDPR are more severe.

Follow this step-by-step process to learn how to edit the information on any contact property:

  • Go to Contacts > Contacts.
  • Search for the contact you want to edit, and click the name to open their contact record.
  • On the contact record, look for the About section and click on the property you would like to change to edit it.
  • Click Save.
  • If you don’t see the property you want to update, click on View all properties.
  • Search or browse for a contact property and click on the drop-down menu or field to make the changes.
  • Click Save.

Stage 3: End Of Relationship - Unsubscribe & Email Preferences

How to set up unsubscribe and email preferences

  • Go to Content > Content Settings.
  • In the left menu, click Email > Subscription Settings.
  • Your subscription settings will have default pages set up for you that you can continue to use if you’d like.
  • If you want to customize them, click View Template and clone.
  • Once you’re finished, go back to subscription settings and select your new template.
  • Save changes.

As you can see, there are many GDPR-friendly features you can use on your path to be compliant.

This new legal outlook is a great opportunity for marketers to revise how they’re approaching their prospects and customers. And what they can do to treat these relationships with the highest care.

We’re sure that this regulation will move all marketers toward a more user-friendly experience, and it will help shape a more transparent way to do business.

If you require any guidance on becoming GDPR-compliant online, don’t hesitate to get in touch via our Contact Us page.

Privacy Preference Center

Strictly Necessary

Cookies that are necessary for the site to function properly.



These are used to track user interaction and detect potential problems. These help us improve our services by providing analytical data on how users use this site.

_ga, _gat, _gid

Close your account?

Your account will be closed and all data will be permanently deleted and cannot be recovered. Are you sure?