Try our free compliance test to check if your website’s use of cookies and online tracking is GDPR/ePR compliant.

The test also shows what data your website collects and which third parties it shares with, a requirement under the CCPA.

    News & Articles

    Is my use of HubSpot GDPR and ePR compliant?

    Updated November 23, 2020.

    HubSpot is a widely used platform for marketing, sales and service management for websites.

    HubSpot works through the use of cookies and trackers embedded on your website and in your emails – which requires you to comply with the GDPR and CCPA.

    In this article, we look at how to make sure your use of HubSpot is GDPR and CCPA compliant and how the Cookiebot consent management platform (CMP) app in HubSpot makes it simple and easy.

    Cookiebot CMP App in HubSpot

    GDPR and CCPA compliance made easy and automatic

    Using HubSpot for your website’s inbound marketing puts third-party cookies and trackers in operation on your domain.

    These will collect personal data from your users when they visit your website, such as IP addresses, search or browser history and unique IDs.

    Being compliant with the GDPR and CCPA means to know exactly what cookies and trackers your website hosts, where they come from, who they send data to and how to take control of them so that the user can give their consent to the processing of their personal data and information.

    Cookiebot CMP App in HubSpot App Marketplace

    Cookiebot CMP offers its world-leading consent management as a seamless integration in the HubSpot App Marketplace.

    Cookiebot CMP performs deep scans of your website to detect all cookies and trackers, and then automatically blocks them until the users give their consent or indicate their opt-out wishes through a simple but highly customizable consent banner.

    Logo banner powered by Cookiebot by Usercentrics
    Cookiebot CMP standard consent banner that enables full GDPR compliance for your website.

    Simply find the Cookiebot CMP App and get started on full compliance for your website and its use of HubSpot.

    Cookiebot CMP App in the HubSpot App Marketplace ensures plug-and-play compliance with the GDPR and CCPA on your website and bulletproof protection of your end-users’ data privacy while using HubSpot.

    Try Cookiebot CMP free for 30 days… or forever if you have a small website

    Go to the Cookiebot CMP App in HubSpot App Marketplace

    Scan your website for free to see what cookies and trackers it uses

    How does HubSpot work?

    HubSpot has an umbrella of services that your website can use to increase traffic, optimize marketing leads and automate sales processes.

    The HubSpot CRM includes –

    • Marketing Hub
    • Sales Hub
    • Service Hub
    • CMS Hub

    HubSpot specializes in inbound marketing, i.e. getting customers to find your website via search engines, social media and other online platforms rather than having marketers reach out to customers.

    HubSpot and Cookiebot for complaint website optimization.
    HubSpot’s inbound marketing model for converting leads to customers to promoters.

    Inbound marketing consists of four steps –

    1. Attracting visitors to your website

    2. Converting them into leads by collecting information about them that can be stored in your HubSpot contact base

    3. Converting leads into customers by utilizing the information collected on them; through personalized and targeted content that reaches the lead in the right moment and at the right time.

    4. Engaging or delighting the customer with personalized content and attention is the last step in HubSpot’s inbound marketing model; whereby existing customers become crucial figures in attracting new visitors and potential customers.

    On a practical level, this means anything from automating email sequence, scheduling and tracking, optimizing templates for repeated sales outreaches and predictive customer scoring.

    In short, HubSpot can help you optimize and automate every part of your website’s marketing dimension.

    Visit HubSpot and learn more about its services

    Check out the Cookiebot CMP App in HubSpot App Marketplace

    HubSpot and GDPR

    Using HubSpot on your website isn’t by default non-compliant with the GDPR, but it requires you to implement a process of obtaining user consents before your process their personal data.

    The General Data Protection Regulation (GDPR) protects the personal data of individuals inside the EU, regardless of where in the world the website processing their information is located.

    The GDPR defines personal data broadly as any information relating to an identified or identifiable natural person, including online identifiers such as cookies that collect IP addresses, search and browser history, unique IDs and more.

    Using HubSpot on your website therefore requires you to operate in compliance with the GDPR.

    The GDPR requires you to –

    • Inform your users of all cookies and trackers in operation; their duration, provider and purpose.
    • Ask for and obtain the explicit consent from end-users before processing any personal data.
    • Block all cookies and trackers from activation before the end-user has given their consent to which they will allow to operate on your site during their visit.
    • Document all obtained consents and renew consents at least once per year.
    • Enable users to be able to change their consent state or revoke their consent entirely in as easy a way as they gave it.

    If your website uses HubSpot to e.g. track user behavior on your website or detect when they open and read an email, these processes process personal data, to which users must first give their consent.

    Cookiebot CMP – and the Cookiebot CMP App in HubSpot – manages user consent through a simple and easy-to-understand consent platform that allows users to quickly get an overview of what cookies and trackers are in use, what kind of personal data they collect and whether they wish to allow their activation.

    By asking for and obtaining user consent prior to any activation of third-party cookies, you ensure that your website and its use of HubSpot is in full compliance with the General Data Protection Regulation (GDPR).

    Learn more about GDPR and consent

    Try Cookiebot CMP free for 30 days… or forever if you have a small website

    Visit the Cookiebot CMP App in the HubSpot App Marketplace

    Checklist: steps to make your use of HubSpot GDPR compliant

    Making your website’s use of HubSpot GDPR compliant is super simple – with the Cookiebot CMP App available in the HubSpot App Marketplace, GDPR compliance becomes a seamless integration into all HubSpot services.

    Cookiebot CMP helps your website live up to all GDPR requirements for personal data processing on websites.

    Important GDPR requirements to be aware of are –

    Make sure that the actual data processing that is going on on your website is clearly stated, for example in your privacy policy. It is a requirement of the GDPR, that the information on the data collection…

    • is specific and up-to-date at all times,
    • is written in a plain and understandable language,
    • provides clear instructions on how one may opt in and out of one’s data being collected.

    Read more about the requirements and how to comply in our article on privacy policy.

    Do you have a proper cookie policy in place? The cookie policy should be accessible for your users, and outline what cookies are in use, what purpose they serve, and how one may opt in and out of them.

    It doesn’t matter whether your cookie policy is an independent document or integrated in your privacy policy, as long as the information is easily accessible for your users.

    Read more about the requirements for the cookie policy and how to comply with them.

    Obtaining proper consent to the use of cookies from your visitors is a crucial part of rendering your website compliant with the GDPR.

    In order to be compliant, the consent has to be –

    • Obtained prior to the setting of the cookies on the user’s browser (strictly necessary cookies are excepted from this rule)
    • Given on the basis of clear and specific information about what the consent is given to
    • Withdrawable. The user must have access to their settings and make changes to what cookies they want to accept and reject.
    • Kept as documentation that the consent has been given.

    Learn more about the GDPR and privacy policies

    Check out the Cookiebot CMP App in the HubSpot App Marketplace for GDPR compliance

    HubSpot and CCPA

    California Consumer Privacy Act (CCPA) took effect on January 1, 2020 and regulates how businesses are allowed to collect and sell the personal information of California residents.

    Unlike the European GDPR, the CCPA does not require websites to obtain the prior consent of users before they are allowed to collect, process or sell personal data.

    Instead, the CCPA empowers users with the rights to know what data has already been collected, demand it deleted and opt out of further data sales to third parties.

    Cookiebot CMP enables full CCPA compliance for your website as well as GDPR compliance. 

    Logo banner powered by Cookiebot by Usercentrics
    CCPA compliant notice from Cookiebot CMP.

    When it comes to complying with the CCPA using HubSpot, most of the functions that HubSpot implemented in the wake of the GDPR can be used, e.g. when it comes to complying with deletion requests.

    Learn more about CCPA compliance with Cookiebot CMP

    Read HubSpots own guide to CCPA compliant use here

    Check out the Cookiebot CMP App in the HubSpot App Marketplace for CCPA compliance


    Is HubSpot GDPR compliant?

    HubSpot helps websites manage their inbound marketing. To do this, your website will use third-party analytics and marketing cookies from HubSpot that will process personal data from your users. The GDPR requires you to ask for and obtain the explicit consent of users before you’re allowed to do so.

    Make your use of HubSpot GDPR compliant with Cookiebot CMP

    Is HubSpot CCPA compliant?

    The CCPA requires your website to inform users that you use HubSpot, what kinds of personal information you process and share with HubSpot and how they can opt out of having their data processed.

    Make your use of HubSpot CCPA compliant with Cookiebot CMP

    How do my website use HubSpot in GDPR compliance?

    The most important thing is to ask for and obtain the consent of your end-users to process their personal data through cookies and trackers on your website and in emails. You also need to inform users through your cookie policy and privacy policy that you use HubSpot, what kind of personal data HubSpot’s third-party cookies process, how long they remain active and how they can revoke their consent to such processing activities.

    Learn more about GDPR compliance

    How do my website use HubSpot in CCPA compliance?

    You will need to inform users through your privacy policy that you use HubSpot, what kind of personal information HubSpot’s third-party cookies collect on your website, how they can gain access to collected data, have it deleted and opt out entirely of having personal information collected and shared with a third-party like HubSpot.

    Learn more about CCPA compliance


    Try Cookiebot CMP for free today

    Visit the Cookiebot CMP App in HubSpot for GDPR and CCPA compliance

    Learn more about GDPR compliance

    General Data Protection Regulation (GDPR)

    California Consumer Privacy Act (CCPA) Inbound marketing vs outbound marketing

    The official GDPR law text

    HubSpot’s GDPR compliance page

    HubSpot: Roadmap for GDPR Compliance

    HubSpot GDPR compliance checklist

    How can we help you?
    Scan your website for free or get started right away.
    You are one step away from being able to achieve compliance
    Get started right away for free with our plug and play Consent Management solution.
    Is your website privacy compliant?
    Scan your website for free and find out which cookies and tracking technologies are collecting user data.