You’ve probably heard of GDPR since its initial enforcement 3 years ago, but how do you know if it affects your business? And if it does, how can you help make sure your company is GDPR compliant?
What is GDPR?
The GDPR (General Data Protection Regulation) is an EU Regulation that came into effect on May 25th, 2018, to give private individuals more control over their own privacy as well as to increase the obligations and violation penalties for businesses and organizations that collect or process personal data.
At its essence, GDPR is based on consent – you need clear and informed consent from individuals to ensure that they are not forced into or unaware of the processing of their personal data. They must know exactly what they are consenting to and be informed of their right to withdraw that consent at any time. Through GDPR, businesses are also required to provide evidence that their processes are compliant and followed across the board.
Why must your business be GDPR compliant?
If your business a) markets products to people in the EU or b) monitors the behavior of people in the EU, you will need to be GDPR compliant, even if you are based outside of the EU. If you control or process the data of EU citizens, the GDPR applies to you.
The purpose of GDPR is to provide better, more secure, and more transparent experiences for customers. Complying will require effort, but it will make your customers’ lives better and grow your business as a result.
Here are some major benefits for businesses that comply with GDPR:
- The GDPR has rules for your contacts to specify exactly what they want to receive from you. From a business perspective, it makes sense to only send emails to contacts who want to hear from you and to let them choose what they want. This leads to fewer unsubscribes and better deliverability.
- The GDPR requires increased transparency around data collection and processing. This means contacts can demand a copy of their data and ask what they are signed up for. Being able to respond quickly and easily demonstrates transparency, which leads to increased trust among your clients.
- The GDPR requires that contacts can request you delete them from your database. This helps weed out which contacts are interested in your products or services and allows you to focus on legitimate prospects.
- The GDPR requires a lawful basis for processing, which is bad news if you are buying email lists. Again, communicating with contacts who have provided explicit consent allows you to focus on your true prospects and customers with no distraction.
How HubSpot Has Baked GDPR Compliance into Its Solution
There are several features to help all HubSpot customers be compliant:
- Lawful basis of processing – HubSpot has a multiselect property for tracking lawful basis that can be manually or automatically set and updated.
- Consent – Consent notices and checkboxes can be added to the forms, messages, and meetings tools. Upon submission, HubSpot logs the type of consent given and a timestamp in the contact record.
- Withdrawal of consent (or opt out) – On your contact’s email subscription preferences page, they can view the types of communications they have opted into, as well as withdraw their consent. Additionally, you can enable all 1:1 Sales Hub emails to include an unsubscribe link.
- Cookies – Under the GDPR, visitors need to be given notice that you are using cookies on your website to track their behavior, and they need to consent to it. You can capture your visitors’ consent for cookie tracking in HubSpot.
- Deletion – HubSpot has a “GDPR delete” function that permanently deletes a contact, rather than storing their information in case they re-convert.
- Access/Portability – HubSpot enables you to grant any access/portability request by exporting contact records.
- Modification – If a contact asks you to change their information, you can do so from within the contact record.
Once you toggle the GDPR switch on, several features become enabled by default.
However, you will still have to adjust your settings to be GDPR compliant. Here are the features that become available:
- The cookie consent banner toggles on by default
- GDPR delete functionality appears on contact records
- GDPR-ready forms are enabled
- Unsubscribe links in 1:1 sales emails are enabled by default
- A “consent to communicate” notice is added to live chat messages by default
- New meeting links include notice and consent messaging by default
- If you attempt to re-add a contact who was previously removed for GDPR, you will receive a warning
- Any notifications containing personal information prior to May 2018 are deleted
Key Ideas from the GDPR Playbook
To become fully GDPR compliant, you will have to do some work up front. To get started, the first thing you can do is to establish your cookie settings. Will your visitors need to opt into cookies? If so, what pages of your website will need cookie banners? After you consider these items, you can implement them in your HubSpot account settings.
You will also need to determine which types of lawful basis you will use to process and communicate with contacts before building your subscription types and forms. There are several types: legitimate interest (for leads or existing customers), performance of contract, or freely given consent. Then you can apply these different types of lawful basis to your subscriptions and forms, as well as your current contacts. For most subscriptions, you will use explicit consent. If you do not have a lawful basis, you can gather consent using a permission pass campaign.
Finally, create a process for accessing, modifying, and deleting a contact’s information. Who should the contact reach out to, and how would they know to do so? Who on your team will handle the requests, and within what timeframe? How will you document the process?
How to Turn on GDPR Functionality in Your HubSpot Account
If you are a Super Admin or have Edit account defaults permissions enabled, you can turn on GDPR-compliant features in your account settings. To do so:
- In your HubSpot account, click the settings icon in the main navigation bar.
- In the left sidebar menu, select Privacy & Consent.
- Click to toggle the EU General Data Protection Regulation (GDPR) switch on. To only send marketing emails to contacts with a legal basis to communicate, select the Legal basis required checkbox.
- Click Save.
How Gate 39 Media + HubSpot is a Winning Combination for Your Industry Compliance
Gate 39 Media is an award-winning HubSpot Platinum Solutions Partner Agency with deep financial compliance awareness. Implementing GDPR-compliant account settings is part of our HubSpot onboarding process for all clients.
We will work with you to ensure that everything is tailored to what’s best for your company – from custom cookies and consent language to specific subscription types and more.
All websites that we develop are built with compliance in mind and integrate seamlessly with HubSpot. So even beyond GDPR compliance, Gate 39 Media specializes in serving the special compliance needs of futures firms and the financial industry.
Have questions about GDPR requirements or how HubSpot can enhance your sales insights? Want a HubSpot demo?
Contact us or connect with Keller Hawthorne, VP of Marketing Technology at Gate 39 Media to learn more.