HubSpot: Taking Control Of GDPR

This GDPR article was written by Pamela Vaughan from HubSpot. The Original article can be accessed here.

As you might already know, the GDPR (General Data Protection Regulation) is a new regulation that will toughen organisations’ obligations when dealing with the personal data of citizens from the European Union (EU). And finding out if your company or the software is using is GDPR compliant has recently become a national sport.

Because it will affect all organisations that control or process the data of EU citizens, so even if your company is based outside the EU, the GDPR will apply to you.

This new legal framework will have profound implications on how marketers manage their relationship with prospects and customers.

It will come into effect on May 25, 2018, and penalties for violations will be significant.

In this article, you’ll learn how to use HubSpot’s current set of GDPR-friendly features.

HubSpot can’t help companies be fully compliant — you should seek legal advice if needed — but there are many GDPR-friendly features already available in the HubSpot software.

Stage 1: Data Collection - Landing Pages, Forms And Double Opt-In.

Under GDPR, a contact needs to be informed that their data will be stored and used by a company when they’re submitting it. Consent will need to be “freely given, specific, informed, and unambiguous,” with companies using “clear and plain” legal language that is “clearly distinguishable from other matters.”

Since HubSpot helps you create your own landing pages and forms and add whatever text you wish, you already have the tools you need to inform your prospects on how you plan to use, store, and process their data and of their right to withdraw consent, all of which will help you meet your GDPR consent obligations.

How to track content in forms

Here’s how to enable consent tracking in forms in your HubSpot account:

Go to Contacts > Forms.
Create a new form or edit one.
In the Fields section, click Create new. This will open a lightbox to create a new property that you’ll be able to use as a form field in all your forms.
Define a Label for it, and in Field, Type select the Single checkbox.
Save the property.
On the left list, find the new property you’ve just created and add it to your form either by clicking on it or by dragging it to the position where you want it to be displayed.
Click on the asterisk button to make the field required.
Click on the pencil to edit the field and modify the label. Remember, it has to be clear and inform the user about what they’re consenting.
If you’re using different forms, remember to add and modify this new property in all of them.

How to set up double opt-in

Double opt-in is a procedure that allows visitors who fill out a form to confirm they want to receive communications from you.

The GDPR is silent on whether this form of consent is required. And unless guidance to the contrary is issued by the EU or our supervisory authority, our view is that this is not mandatory under the GDPR.

That said, many businesses will prefer to use ‘double opt-in’ as an additional protective measure, obtaining consent from a specific individual.

Once enabled, the double opt-in feature sends an opt-in request email to all contacts who submit a form for the first time on your website. To start using it in your account, follow these steps:

Go to Content > Content Settings
In the left menu, click Email > Double Opt-In
Under “Opt-in request email,” click Edit email and personalize the message your contacts will receive once they submit their first form on your website.
Under confirmation page, click Create new page to open the landing page editor and set up the page where your contacts will be sent when they click the confirm opt-in link in your email.
If you want, you can also create a follow-up email to be sent after visitors have confirmed they want to opt-in. To do so, check the Include follow-up email box and then click on Create/Edit Email.
Enable it on your site using the radio boxes under the Enable options section. You can decide which pages will trigger the double opt-in feature.
Save changes.

Stage 2: Data Storage & Processing - Exporting Contacts & Modifying/ Updating Data

Individuals always had the right to request access to their data. But the GDPR enhances these rights. The timescale for processing an access request will also drop significantly from the current 40 day period.

HubSpot is working on functionality to ensure the service is fully GDPR compliant by the May 2018 deadline. Customers and prospects should follow our GDPR web pages for further updates in this area over the coming months.

That said, the HubSpot software already lets you export data from a person’s contact record from your HubSpot portal in a user-friendly format. It’s as simple as searching for the person’s contact record and then taking the desired action. The whole process takes seconds.

This will assist customers in complying with a contact’s request for a copy of their data. Either to move to another provider or to check what personal data you hold about them in your HubSpot account.

How to export contacts

Go to Contacts > Contacts.
Search and select a contact.
On the left-hand menu, under All Contacts, click Options.
Click Export.
Select which email address you want the export document to be sent, and in which format.
Select if you want the current property columns or all properties included in the export.
Click Export.

How to modify/update data

]Under the current legislation, individuals already have the right to ask you to modify or update data you hold on them in your systems (for example if they change email address). This will not change under the GDPR, but as we know, the penalties for breach under the GDPR are more severe.

Follow this step-by-step process to learn how to edit the information on any contact property:

Go to Contacts > Contacts.
Search for the contact you want to edit, and click the name to open their contact record.
On the contact record, look for the About section and click on the property you would like to change to edit it.
Click Save.
If you don’t see the property you want to update, click on View all properties.
Search or browse for a contact property and click on the drop-down menu or field to make the changes.
Click Save.

Stage 3: End Of Relationship - Unsubscribe & Email Preferences

How to set up unsubscribe and email preferences

Go to Content > Content Settings.
In the left menu, click Email > Subscription Settings.
Your subscription settings will have default pages set up for you that you can continue to use if you’d like.
If you want to customize them, click View Template and clone.
Once you’re finished, go back to subscription settings and select your new template.
Save changes.

As you can see, there are many GDPR-friendly features you can use on your path to be compliant.

This new legal outlook is a great opportunity for marketers to revise how they’re approaching their prospects and customers. And what they can do to treat these relationships with the highest care.

We’re sure that this regulation will move all marketers toward a more user-friendly experience, and it will help shape a more transparent way to do business.

If you require any guidance on becoming GDPR-compliant online, don’t hesitate to get in touch via our Contact Us page.

Cookie	Type	Duration	Description
__hssrc	session	Session	Whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session.
__hstc	third party	1 year	The main cookie set by HubSpot for tracking visitors. It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
cf_use_ob	session	1 minute	Used by CloudFare to display a notice in case the website is temporarily unavailable.
cookielawinfo-checkbox-necessary	session	11 months	This cookie is set by GDPR Cookie Consent plugin. The purpose of this cookie is to check whether or not the user has given the consent to the usage of cookies under the category 'Necessary'.
cookielawinfo-checkbox-non-necessary	session	11 months	This cookie is set by GDPR Cookie Consent plugin. The purpose of this cookie is to check whether or not the user has given their consent to the usage of cookies under the category 'Non-Necessary'.
csrftoken	persistent	11 months	This cookie is associated with Django web development platform for python. Used to help protect the website against Cross-Site Request Forgery attacks
JSESSIONID	third party	1 year	Used by sites written in JSP. General purpose platform session cookies that are used to maintain users' state across page requests.
messagesUtk	session	13 months	This cookie is used to recognize visitors who use the HubSpot chat with via the chatflows tool. If the visitor leaves the site before they're added as a contact, they will have this cookie associated with their browser. If you chat with a visitor who later returns to your site in the same cookied browser, the chatflows tool will load their conversation history.
viewed_cookie_policy	session	1 hour	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Type	Duration	Description
__hssc	session	30 minutes	This cookie keeps track of sessions. This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp.
_ga	third party	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, camapign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assigns a randoly generated number to identify unique visitors.
_gat	third party	1 minute	This cookies is installed by Google Universal Analytics to throttle the request rate to limit the colllection of data on high traffic sites.
_gid	third party	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the wbsite is doing. The data collected including the number visitors, the source where they have come from, and the pages viisted in an anonymous form.
calltrk_landing	session	11 months	A cookie set by CallRail which stores the landing page URL so visitor source can be accurately attributed when displaying a tracking phone number.
calltrk_referrer	session	11 months	A cookie set by CallRail which stores the referring URL so visitor source can be accurately attributed when displaying a tracking phone number.
calltrk_session_id	session	11 months	A cookie set by CallRail which stores a unique identifier for a user browser session so it can be associated with a phone call if one occurs.
hubspotutk	session	1 year	This cookie is used by hubspot to keep track of the visitors to the website. This cookie is passed to Hubspot on form submission and used when deduplicating contacts.

Cookie	Type	Duration	Description
_fbp	session	2 months	This cookie is set by Facebook to deliver advertisement when they are on Facebook or a digital platform powered by Facebook advertising after visiting this website.
fr	third party	2 months	The cookie is set by Facebook to show relevant advertisments to the users and measure and improve the advertisements. The cookie also tracks the behavior of the user across the web on sites that have Facebook pixel or Facebook social plugin.
ig_did	third party	9 years	Cookie set by Instagram
NID	third party	6 months	This cookie is used to a profile based on user's interest and display personalized ads to the users.

Cookie	Type	Duration	Description
mid	session	9 years	The cookie is set by Instagram. The cookie is used to distinguish users and to show relevant content, for better user experience and security.
rur	third party	1 year	The cookie is set by instagram to enable the user to browse through the website securely by preventing any cross-site request forgery.

HubSpot: Taking Control Of GDPR

We value your privacy