Updated November 23, 2020.
HubSpot is a widely used platform for marketing, sales and service management for websites.
In this article, we look at how to make sure your use of HubSpot is GDPR and CCPA compliant and how the Cookiebot consent management platform (CMP) app in HubSpot makes it simple and easy.
Cookiebot CMP App in HubSpot
GDPR and CCPA compliance made easy and automatic
Using HubSpot for your website’s inbound marketing puts third-party cookies and trackers in operation on your domain.
These will collect personal data from your users when they visit your website, such as IP addresses, search or browser history and unique IDs.
Being compliant with the GDPR and CCPA means to know exactly what cookies and trackers your website hosts, where they come from, who they send data to and how to take control of them so that the user can give their consent to the processing of their personal data and information.
Cookiebot CMP App in HubSpot App Marketplace
Cookiebot CMP performs deep scans of your website to detect all cookies and trackers, and then automatically blocks them until the users give their consent or indicate their opt-out wishes through a simple but highly customizable consent banner.
Simply find the Cookiebot CMP App and get started on full compliance for your website and its use of HubSpot.
Cookiebot CMP App in the HubSpot App Marketplace ensures plug-and-play compliance with the GDPR and CCPA on your website and bulletproof protection of your end-users’ data privacy while using HubSpot.
How does HubSpot work?
HubSpot has an umbrella of services that your website can use to increase traffic, optimize marketing leads and automate sales processes.
The HubSpot CRM includes –
- Marketing Hub
- Sales Hub
- Service Hub
- CMS Hub
HubSpot specializes in inbound marketing, i.e. getting customers to find your website via search engines, social media and other online platforms rather than having marketers reach out to customers.
Inbound marketing consists of four steps –
1. Attracting visitors to your website
2. Converting them into leads by collecting information about them that can be stored in your HubSpot contact base
3. Converting leads into customers by utilizing the information collected on them; through personalized and targeted content that reaches the lead in the right moment and at the right time.
4. Engaging or delighting the customer with personalized content and attention is the last step in HubSpot’s inbound marketing model; whereby existing customers become crucial figures in attracting new visitors and potential customers.
On a practical level, this means anything from automating email sequence, scheduling and tracking, optimizing templates for repeated sales outreaches and predictive customer scoring.
In short, HubSpot can help you optimize and automate every part of your website’s marketing dimension.
HubSpot and GDPR
Using HubSpot on your website isn’t by default non-compliant with the GDPR, but it requires you to implement a process of obtaining user consents before your process their personal data.
The General Data Protection Regulation (GDPR) protects the personal data of individuals inside the EU, regardless of where in the world the website processing their information is located.
The GDPR defines personal data broadly as any information relating to an identified or identifiable natural person, including online identifiers such as cookies that collect IP addresses, search and browser history, unique IDs and more.
Using HubSpot on your website therefore requires you to operate in compliance with the GDPR.
The GDPR requires you to –
- Inform your users of all cookies and trackers in operation; their duration, provider and purpose.
- Ask for and obtain the explicit consent from end-users before processing any personal data.
- Block all cookies and trackers from activation before the end-user has given their consent to which they will allow to operate on your site during their visit.
- Document all obtained consents and renew consents at least once per year.
- Enable users to be able to change their consent state or revoke their consent entirely in as easy a way as they gave it.
If your website uses HubSpot to e.g. track user behavior on your website or detect when they open and read an email, these processes process personal data, to which users must first give their consent.
Cookiebot CMP – and the Cookiebot CMP App in HubSpot – manages user consent through a simple and easy-to-understand consent platform that allows users to quickly get an overview of what cookies and trackers are in use, what kind of personal data they collect and whether they wish to allow their activation.
By asking for and obtaining user consent prior to any activation of third-party cookies, you ensure that your website and its use of HubSpot is in full compliance with the General Data Protection Regulation (GDPR).
Checklist: steps to make your use of HubSpot GDPR compliant
Making your website’s use of HubSpot GDPR compliant is super simple – with the Cookiebot CMP App available in the HubSpot App Marketplace, GDPR compliance becomes a seamless integration into all HubSpot services.
Cookiebot CMP helps your website live up to all GDPR requirements for personal data processing on websites.
Important GDPR requirements to be aware of are –
- is specific and up-to-date at all times,
- is written in a plain and understandable language,
- provides clear instructions on how one may opt in and out of one’s data being collected.
2. Get user consent before processing data
In order to be compliant, the consent has to be –
- Obtained prior to the setting of the cookies on the user’s browser (strictly necessary cookies are excepted from this rule)
- Given on the basis of clear and specific information about what the consent is given to
- Withdrawable. The user must have access to their settings and make changes to what cookies they want to accept and reject.
- Kept as documentation that the consent has been given.
HubSpot and CCPA
California Consumer Privacy Act (CCPA) took effect on January 1, 2020 and regulates how businesses are allowed to collect and sell the personal information of California residents.
Unlike the European GDPR, the CCPA does not require websites to obtain the prior consent of users before they are allowed to collect, process or sell personal data.
Instead, the CCPA empowers users with the rights to know what data has already been collected, demand it deleted and opt out of further data sales to third parties.
Cookiebot CMP enables full CCPA compliance for your website as well as GDPR compliance.
When it comes to complying with the CCPA using HubSpot, most of the functions that HubSpot implemented in the wake of the GDPR can be used, e.g. when it comes to complying with deletion requests.
Is HubSpot GDPR compliant?
HubSpot helps websites manage their inbound marketing. To do this, your website will use third-party analytics and marketing cookies from HubSpot that will process personal data from your users. The GDPR requires you to ask for and obtain the explicit consent of users before you’re allowed to do so.
Is HubSpot CCPA compliant?
The CCPA requires your website to inform users that you use HubSpot, what kinds of personal information you process and share with HubSpot and how they can opt out of having their data processed.
How do my website use HubSpot in GDPR compliance?
How do my website use HubSpot in CCPA compliance?