GDPR, Hubspot, Inbound, InboundMarketing

The GDPR changed how companies process customer data. HubSpot software ensures compliance with GDPR regulations to keep your customers’ data safe.



The EU’s General Data Protection Regulation (GDPR) came into effect over two years ago. Most B2B companies are aware that it’s something they need to comply with, but many struggle to wrap their brains around how it affects marketing efforts.

Ensuring your business is GDPR compliant can be challenging. If you’re a digital marketer, you should implement a marketing software that takes the hassle out of complying with these rules.

Enter: HubSpot. 

HubSpot embraced these new rules by ensuring their marketing automation software incorporates features that help businesses to follow the new data protection rules without having to start from scratch..

In today’s article, we’ll discuss how Hubspot’s privacy policy adapted to the new regulations set out by the GDPR. Want to know how your business can stay data-savvy and in your customers’ good books? Let’s find out.

What is the GDPR?

At this point, you’re probably wondering what exactly is the GDPR? Let’s find out.

The General Data Protection Regulation (GDPR, for short) came into force in May 2018. It was —and still is— the single most important change regarding data privacy and management of the last two decades.

The GDPR is a document that’s over 200 pages long. As a busy B2B digital marketing professional, you probably don’t have to read that. We get it. That’s why we’ve condensed those 200 pages into a simple and accessible description that you can read in less than a minute. You can thank us later.

GDPR explained

The goal of the GDPR is to unify data privacy laws across Europe. It aims to strengthen data privacy and ensure that EU citizens have complete control over how their personal data is used online. Data includes any information that allows an individual to be identified from the data that’s available. It includes everything from a person’s name, to their username, to their IP address and cookie identifiers.

There are also some special categories that can be identified as sensitive personal data which are strongly protected under the GDPR. This includes data about a person’s race or ethnic origin, religious beliefs, political agendas, and more.

On a fundamental level, it means that companies must be more transparent about what they’re using customers’ personal data for. At the same time, it gives individuals more control over the information they allow companies access to.

There are three main factors involved in GDPR:

  • Consent: Under GDPR, consent must be “freely given, specific, informed and unambiguous”. Basically, individuals must know exactly what they’re consenting. They must be aware, and mustn’t be coerced into giving consent unknowingly.
  • The “right to be forgotten” and the “right to data portability”: The former means that controllers must alert recipients when requests are made to delete data; the latter means that individuals can demand a copy of their data in a common format.
  • Access requests: GDPR enhances access request rights for individuals. Businesses can no longer charge for processing data access requests (in most cases) and the length of time processing will be shorter.

After the GDPR came into effect in 2018, 62% of UK consumers reported they felt more comfortable sharing their data online. In its first year of implementation, 500,000 data protection officers were employed and 89,000 data breaches were recorded. Many businesses decided to make a clean break and opted to dump their collected data, rather adjusting it to be GDPR compliant.


GDPR European rule


Who does it apply to?

The GDPR applies to any business or organization that operates in the European Union or processes the data or citizens of the European Union. So, even if you operate a large business in America that serves the European market, you’ll need to ensure you’re GDPR compliant with your EU customers’ data.

What if you don’t comply?

So you’re probably wondering what happens if a company doesn’t comply with the data privacy laid out in the GDPR?

Those who don’t comply can expect severe penalties. If a business suffers a data breach and it’s found that they haven’t complied with GDPR rules and regulations, they could be fined up to €20 million or 4% of their annual turnover. We told you the penalties were severe!

What Did GDPR Mean for Marketers?

When it came into play a few years ago, GDPR meant a big change for marketers. For marketers to be able to re-market products or services to individuals, send automated email marketing campaigns, or market to specific target audiences—they needed to have individuals consent. In other words, individuals must have opted-in for marketers to direct their efforts towards them.

It was actually a really good thing, though!

It meant that marketers had to relinquish their dependency on customer data in favor of securing explicit consent. Essentially, it meant that marketers had to adopt a new approach that focused on personalization, targeted leads, and relevancy.

So what did this mean for marketers using Hubspot? How does Hubspot for privacy ensure GDPR regulations are complied with? Let’s take a look.

How Does Hubspot Comply with GDPR?

Sure, GDPR can be a source of frustration for some marketers.

When it was established, it meant that marketers had to put old tactics to bed and instead obtain clear and unambiguous consent from their audience. Moreover, there must be a clear consent trail and processes need to be recorded and reviewed regularly to hold them accountable.

But for marketers using Hubspot, it’s very much business as usual.

If you’re familiar with Hubspot, you’ll know that it’s all about inbound marketing. Inbound marketers focus on earning the consent of the individuals they market to.

Instead of using interruptive outbound marketing techniques that demand (rather than ask for) their audience’s attention, inbound marketing efforts focus on providing value through different types of content that’s designed to be relevant to the individual and correspond to the stage their at in their customer journey. Often, content marketing is used to anticipate and address the needs of existing or prospective customers, attracting them to a particular business, product, or service.

Once individuals are attracted to a company, they’re ready to convert into customers using lead generation forms, effective calls-to-action, and optimized landing pages that offer quality content in exchange for personal data or consent to receive emails in the form of newsletters and promotions. With inbound marketing, there’s consent at every exchange.

If you’re using Hubspot’s marketing software to execute, optimize, and track your digital marketing efforts, you might be wondering how Hubspot ensures GDPR compliance. You’ll be glad to know that Hubspot includes a number of GDPR-related features to ensure you avoid getting into any trouble with the law or your audience.




GDPR and Hubspot’s Marketing Software

Hubspot’s marketing software incorporates GDPR into its functionality. Hubspot recognized the importance of the new law for B2B companies, and quickly adapted their software to streamline the process of collecting, managing, and processing data and consent in a GDPR-compliant manner.

So how exactly does Hubspot make it easy to comply with GDPR?

1. Lawful basis of processing

You need to have a legal reason to use an individual’s data. Hubspot allows users to track and record lawful basis to ensure complete accountability. Hubspot allows users to enter this information manually, or via automated workflows that set and record the lawful basis property when someone signs a contract. There are some different ways a company can obtain lawful basis of processing:

  • Consent is freely given,
  • Contract performance (contact’s data is necessary to complete contract),
  • Legitimate interest (for instance, someone is already a customer and you’re sharing information about upgrades).

2. Consent

Hubspot makes it simple for marketers to comply with GDPR rules with tick boxes on things that require them (like forms or messages). This means you’re giving new contacts notice about how you’ll be using their personal data, and let them decide whether or not they consent to being contacted by you in the future. Moreover, you can also link out to additional privacy notices or notice provisions.




3. Opt-outs

Another key regulation of GDPR is that individuals must have the ability to withdraw their consent or object to how their data is being used at any time. Hubspot makes it easy for contacts to withdraw their consent on the subscription preferences page. Once this is done, their contact record will be automatically withdrawn from what they consented to in the first place. Moreover, if you use Sales Hub to send emails to contacts, they now include unsubscribe links to make it easy for contacts to withdraw their consent to receiving emails or promotions.

4. Personal data deletion

With Hubspot, it’s simple to permanently delete your contacts’ data if they request it. You can perform a fully GDPR-compliant deletion via the Hubspot portal.

5. Access and portability

In the same way a contact can request their data to be deleted, they can also request access to the data you have about them. Hubspot enables you to do this easily by exporting the contact’s record into a common readable format. You can grant an access request made by a contact by providing them with a readable format that they can download.

6. Data modification

Contacts can request that their data be modified if it’s incorrect or incomplete. Doing this is a breeze with Hubspot, simply modify the information requested via her contact record.

With Hubspot’s marketing platform, you can rest assured that GDPR compliance is taken seriously. Hubspot has streamlined the process of complying with these regulations, and they’ve even produced a checklist to enable businesses to assess their data storage, collection, and processing practices.

Final Thoughts

Hubspot agree that the GDPR and any other data privacy rules are built to enable businesses to provide better, more personalized experiences for their customers while keeping their data safe and sound. 

The result? Customer relationships built on trust and transparency. In this way, GDPR compliance is aligned with the concept of inbound marketing. Attract and nurture leads with relevant, timely, and helpful content, and you’ll be on the right track to GDPR compliance and improving your customers’ experience.

Want to know more about how Hubspot marketing software can help you
boost your business in a GDPR-compliant way?
Book a free consultation with us today to find out more. 

CTA Free Consultation



social media