Knowledge Hub
10 December 2021

GDPR: what do you have to comply with in HubSpot?

Picture of Dylan ter Kuile Dylan ter Kuile

Ordering a ticket online, googling a recipe, posting a social media message or downloading a brochure. We carry out more and more transactions and actions on the web, and that list is growing every day. Someone's 'online life' is worth money because all that data says something about their (probable) behaviour as a consumer. The EU has introduced privacy legislation that organisations must adhere to, ensuring the protection of citizens against the collection of all this data. HubSpot has built in several features to help you comply with these regulations.

What is GDPR, and what is personal data?

First, a refresher course. The General Data Protection Regulation has been in force since 25 May 2018 in the Netherlands. Since that date, the same privacy legislation has applied throughout the European Union. The Dutch abbreviation is AVG: Algemene verordening gegevensbescherming.

According to the Dutch Data Protection Authority, personal data is all information about an identified or identifiable natural person. That means that information is either directly about someone or can be traced back to that person. This can be data such as their last name, first name and telephone number. There is also special personal data classified as sensitive information such as the person's race, sexuality, religion or health.

The GDPR has expanded the privacy rights of citizens and companies, and organisations must (be able to) demonstrate that they manage personal data carefully. Privacy regulators can fine those who fail to do so. The amounts can go up to 20 million euros!

What should you pay attention to with GDPR?

HubSpot has several features enabling you to comply with the GDPR rules. Firstly, it is necessary to set the GDPR functionality to 'standard' for all Hubspot components and 'tools' that collect data in order to work correctly. You can do this according to the steps below.

  • Click on the settings icon in the navigation bar
  • In the left column, select 'Account Defaults'.
  • Set the slider 'EU General Data Protection Regulation (GDPR)' to 'on'. Check the checkbox if you only want to send marketing e-mails to contacts with whom you are legally allowed to communicate.
  • Save your settings by clicking on 'Save'

AVG: waar moet je aan voldoen in HubSpot? | Cuex
When you have enabled the overall GDPR function, you have the option to manage specific settings regarding privacy and GDPR.


Cookie tracking settings & privacy policy notification

HubSpot uses cookies to track visitors and follow leads. A cookie is a text file that gets left in the browser of someone who visits your website. HubSpot does this to identify unique visitors during future visits.

The GDPR requires that you inform the visitor about this and ask permission before placing a cookie. It is the well-known notification that pops up nowadays that you click away before, for example, reading an online article or viewing a product. IIn HubSpot, you can give visitors the option 'to opt in' by default and create their own 'customised' notification.

AVG: waar moet je aan voldoen in HubSpot? | Cuex

Delete personal data

Leads and other contacts have the right under the new 'privacy law' to delete all their personal data. That involves removing all data from the database, such as emails, calls, and any other logged activities. The request must also be fulfilled within 30 days, although there are exceptions to the rule.

HubSpot has a so-called block-list functionality. Once a contact has been removed from the database, you cannot add them in the future. That is done based on anonymised data. Only when the same contact leaves his details again months later will he be readded to your account.

AVG: waar moet je aan voldoen in HubSpot? | Cuex

GDPR: online forms and pop-ups

It is mandatory when sending an online form to inform a visitor or lead what they are agreeing to. In HubSpot, you can easily request permission for:

  • the processing of personal data;
  • sending future e-mails and other messages.

You can vary with different texts and 'opt in' variants by using 1 or more checkboxes. 

AVG: waar moet je aan voldoen in HubSpot? | Cuex


Unsubscribe from e-mails 

HubSpot also makes it easy to add 'unsubscribe' links to different types of e-mail messages. That way, you are already partly complying with specific spam legislation in the AVG/GPDR.

Once you have enabled the global GPDR functionality in HubSpot, the 'unsubscribe' link is added by default for all users to use in their HubSpot account. All employees are able to adjust this setting when sending e-mails.

AVG: waar moet je aan voldoen in HubSpot? | Cuex

Meeting links

A text can also be added to meeting links, requesting permission to use personal data and send future e-mails.

In short

Privacy regulations have been tightened up, and implementing changes is not optional. HubSpot has tools that make it easy to meet the requirements, and the software is kept up-to-date. Use these settings, as they can prevent you from receiving huge fines.

In this blog, we have, of course, informed you about the various 'privacy options' in a nutshell. Are you experiencing problems, or do you want to know more? We will gladly help you!

Discover these 50 hacks to use HubSpot even more effectively

download the 50 HubSpot hacks
E-book Image

Want to know more?
We'd be happy to help.

Guus Verbeek
HubSpot Specialist
Next case study:
From a quick online order to a streamlined water softener installation.