As you might already know, the GDPR (General Data Protection Regulation) is a new regulation that will toughen organisations’ obligations when dealing with the personal data of citizens from the European Union (EU).
It will affect all organisations that control or process the data of EU citizens, so even if your company is based outside the EU, the GDPR will apply to you.
This new legal framework will have profound implications in how marketers manage their relationship with prospects and customers.
It will come into effect on May 25, 2018, and penalties for violations will be significant.
In this article, you'll learn how to use HubSpot’s current set of GDPR-friendly features.
HubSpot can't help companies be fully compliant — you should seek legal advice if needed — but there are many GDPR-friendly features already available in the HubSpot software.
Stage 1: Data Collection — Landing Pages, Forms, and Double Opt-in
Under GDPR, a contact needs to be informed that their data will be stored and used by a company when they're submitting it. Consent will need to be “freely given, specific, informed, and unambiguous,” with companies using “clear and plain” legal language that is “clearly distinguishable from other matters.”
Since HubSpot helps you create your own landing pages and forms and add whatever text you wish, you already have the tools you need to inform your prospects on how you plan to use, store, and process their data and of their right to withdraw consent, all of which will help you meet your GDPR consent obligations.
How to track consent in forms.
Here’s how to enable consent tracking in forms in your HubSpot account:
- Go to Contacts > Forms.
- Create a new form or edit one.
- In the Fields section, click Create new. This will open a lightbox to create a new property that you'll be able to use as a form field in all your forms.
- Define a Label for it, and in Field Type select Single checkbox.
- Save the property.
- On the left list, find the new property you've just created and add it to your form either by clicking on it or by dragging it to the position where you want it to be displayed.
- Click on the asterisk button to make the field required.
- Click on the pencil to edit the field and modify the label. Remember, it has to be clear and inform the user about what they're consenting.
- If you're using different forms, remember to add and modify this new property in all of them.
You can see the step-by-step process here:
How to set up double opt-in.
Double opt-in is a procedure that allows visitors who fill out a form to confirm they want to receive communications from you.
The GDPR is silent on whether this form of consent is required, and unless guidance to the contrary is issued by the EU or our supervisory authority, our view is that this is not mandatory under the GDPR.
That said, many businesses will prefer to use ‘double opt-in’ as an additional protective measure, obtaining consent from a specific individual.
Once enabled, the double opt-in feature sends an opt-in request email to all contacts who submit a form for the first time on your website. To start using it in your account, follow these steps:
- Go to Content > Content Settings
- In the left menu, click Email > Double Opt-In
- Under “Opt-in request email,” click Edit email and personalize the message your contacts will receive once they submit their first form on your website.
- Under confirmation page, click Create new page to open the landing page editor and set up the page where your contacts will be sent when they click the confirm opt-in link in your email.
- If you want, you can also create a follow-up email to be sent after visitors have confirmed they want to opt-in. To do so, check the Include follow-up email box and then click on Create/Edit Email.
- Enable it on your site using the radio boxes under the Enable options section. You can decide which pages will trigger the double opt-in feature.
- Save changes.
Follow this step-by-step process in the short video below:
Stage 2: Data Storage and Processing — Exporting Contacts, and Modifying and Updating Data
Individuals always had the right to request access to their data. But the GDPR enhances these rights. The timescale for processing an access request will also drop significantly from the current 40 day period.
HubSpot is working on functionality to ensure the service is fully GDPR compliant by the May 2018 deadline. Customers and prospects should follow our GDPR web pages for further updates in this area over the coming months.
That said, the HubSpot software already lets you export data from a person’s contact record from your HubSpot portal in a user-friendly format. It’s as simple as searching for the person’s contact record and then taking the desired action. The whole process takes seconds.
This will assist customers in complying with a contact’s request for a copy of their data, either to move to another provider or to check what personal data you hold about them in your HubSpot account.
How to export contacts.
- Go to Contacts > Contacts.
- Search and select a contact.
- On the left-hand menu, under All Contacts, click Options.
- Click Export.
- Select which email address you want the export document to be sent, and in which format.
- Select if you want the current property columns or all properties included in the export.
- Click Export.
How to modify/update data.
Under the current legislation, individuals already have the right to ask you to modify or update data you hold on them in your systems (for example if they change email address). This will not change under the GDPR, but as we know, the penalties for breach under the GDPR are more severe.
Follow this step-by-step process to learn how to edit the information on any contact property:
- Go to Contacts > Contacts.
- Search for the contact you want to edit, and click the name to open their contact record.
- On the contact record, look for the About section and click on the property you would like to change to edit it.
- Click Save.
- If you don’t see the property you want to update, click on View all properties.
- Search or browse for a contact property and click on the dropdown menu or field to make the changes.
- Click Save.
Stage 3: End of Relationship — Unsubscribe and Email Preferences
When you send emails to prospects and customers using the HubSpot marketing software, they include an unsubscribe button, which allows customers to easily let you know that they want to withdraw consent to receiving marketing emails from you. This feature also helps companies comply with the EU E-Privacy legislation governing direct marketing.
On the other hand, our email preferences functionality allows customers and prospects to choose which categories of email they want to receive.
How to set up unsubscribe and email preferences.
- Go to Content > Content Settings.
- In the left menu, click Email > Subscription Settings.
- Your subscription settings will have default pages set up for you that you can continue to use if you'd like.
- If you want to customize them, click View Template and clone.
- Once you're finished, go back to subscription settings and select your new template.
- Save changes.
As you can see, there are many GDPR-friendly features you can use on your path to be compliant.
This new legal outlook is a great opportunity for marketers to revise how they're approaching their prospects and customers and what they can do to treat these relationships with the highest care.
We're sure that this regulation will move all marketers toward a more user-friendly experience, and it will help shape a more transparent way to do business.
Disclaimer: This blog post is not legal advice for your company to use in complying with EU data privacy laws like the GDPR. Instead, it provides background information to help you better understand the GDPR. This legal information is not the same as legal advice, where an attorney applies the law to your specific circumstances, so we insist that you consult an attorney if you’d like advice on your interpretation of this information or its accuracy. In a nutshell, you may not rely on this as legal advice or as a recommendation of any particular legal understanding.
Important Note: The information in this blog post was relevant and accurate as of December, 2017. HubSpot will continue to work on product features that will help our customers comply with the GDPR in time for the go-live date of May 25, 2018.