Logo Logo
Cookiebot

 

The General Data Protection Regulation (GDPR) and the ePrivacy Directive (ePR) mean that you must make changes to your use of HubSpot in order to stay compliant.

 

Try our free compliance test to check if your website’s use of cookies and online tracking is GDPR/ePR compliant.

Is my use of HubSpot GDPR and ePR compliant?

HubSpot helps you manage your inbound marketing by means of a detailed insight into your existing and potential customers. This insight is brought about with tracking code embedded on your website and in your emails.

But is HubSpot compliant with the EU General Data Protection Regulation? How do the GDPR and HubSpot work together?

Read the article to find out what HubSpot has done to make their services compliant with the GDPR and the ePrivacy Directive, and what you should do to make sure that your use of HubSpot is compliant.

What is HubSpot?


HubSpot is a service platform that helps marketers manage all aspects of their inbound marketing, from seo, blog posts, social media, marketing automation, personalization and segmentation.

Inbound marketing, in opposition to traditional or outbound marketing such as ads and direct mails, is marketing by means of creating relevant content, that is search-friendly and attracts the customers to you.

Or, as formulated by HubSpot themselves, to “(...) meet people where they are, at the search box, and pull them into your website.

What does HubSpot do?

HubSpot offers a range of services for marketing and sales, customer service and CRM software.

The four steps of the HubSpot Inbound Methodology

As illustrated in the screenshot below, HubSpot helps you take care of the all of the steps on the path from turning a stranger into a visitor into a lead into a customer into a promoter.

Illustration of HubSpot's Inbound Methodology

The screenshot is taken from the HubSpot demo video.

In this video, the voice-over explains that the first step is to attract people to your site. HubSpot helps you understand what brings visitors in and optimize content to turn more strangers into visitors. This is done using tracking data for analytics into your visitors’ behavior on the site.

Step two is to convert the visitors into leads, by nudging them to fill in some information about themselves, that can be collected and stored in your HubSpot contact base.

Step three is to convert the lead into a customer by using the knowledge on your leads’ interests to determine where they are in their decision process and to segment, personalize and target relevant content to the lead.

HubSpot Analytics helps ensure you send the most effective emails possible by means of insight into opening rates.

Visit and see for yourself on HubSpot Analytics.

The entire website can be refocused and personalized to mirror the specific visitors’ interests, as it has been expressed in their browsing patterns and actions on your site.

Step four is when a lead has become a customer, the personalized attention continues. HubSpot automatically recognizes customers, allowing for vip treatment on the site.

HubSpot can even alert you if a customer visits your help section or your cancel account page.

HubSpot and GDPR - it is compliant?


While nurturing of visitors is a highly effective and helpful tool for marketers, it does pose an issue regarding data protection and privacy.

Is there a clash between the GDPR and HubSpot? Is HubSpot compliant with the EU legislations, the General Data Protection Regulation and the ePrivacy Directive?

The General Data Protection Regulation is a more-than-EU-wide regulation that protects the personal data of EU citizens, regardless of where the website processing their information is in the world.

Its repercussions reach far wider than the EU.

For marketers and data driven companies in general, the issue is the broad definition of personal data of the GDPR.

Article 4 in the General Data Protection Regulation:

For the purposes of this Regulation:

1. ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person

Under this definition, HubSpot’s use of tracking for nurturing potential and existing customers is subject to the Regulation.

Use of HubSpot and requirements of the GDPR

In order to comply, your website has to give specific and accurate information to the users about all of the tracking of personal data going on on it, of first or third party provenience unheeded.

You have to have your users’ informed consent prior to the initial tracking, and this consent must be withdrawable.

For a full overview of the requirements of the GDPR for a compliant website, check out our article GDPR and cookies.

If your website processes data in other manners than by means of cookies, for example forms, remember to make sure that it is compliant. Be clear and specific about the purpose of the data collection, and what you plan on doing with the data.

Read below, what HubSpot has done to prepare their products and services to the GDPR, and what changes you yourself should make to your use of HubSpot in order to comply.

HubSpot and GDPR - compliant changes

Check out HubSpot’s own section dedicated to the GDPR and specifically, their HubSpot Product Roadmap for GDPR Compliance, where they have listed all of their product changes in order to achieve GDPR readiness.

Here are the listed product changes to HubSpot in preparation for the GDPR -

How can I make my use of HubSpot GDPR compliant?

However, all of the above product changes unheeded, as the owner of the website, you are the responsible party for the personal data of your visitors that is being handled on your site.

See this useful GDPR compliance checklist by HubSpot.

Checklist: steps to make your use of HubSpot GDPR compliant


1. Provide transparency about the data processing on your site in your privacy policy and / or cookie policy

Make sure that the actual data processing that is going on on your website is clearly stated, for example in your privacy policy. It is a requirement of the GDPR, that the information on the data collection…

Read more about the requirements and how to comply in our article on privacy policy.

Do you have a proper cookie policy in place? The cookie policy should be accessible for your users, and outline what cookies are in use, what purpose they serve, and how one may opt in and out of them.

It doesn’t matter whether your cookie policy is an independent document or integrated in your privacy policy, as long as the information is easily accessible for your users.

Read more about the requirements for the cookie policy and how to comply with them.

With Cookiebot, the monthly report of the scan of your website’s use of cookies and trackers can be published as an integrated part of your privacy policy and cookie policy.

That way, your information to your users is always specific and up to date with the actual data processing going on, no matter how your tools and cookies change.

Also, the declaration automatically provides the mandatory options of changing and revoking consent.

2. Implement a GDPR compliant cookie consent

Getting a proper consent to the use of cookies from your visitors is a crucial part of rendering your website compliant with the GDPR. In order to be compliant, the consent has to be…

Read more in our article about cookie consents and the GDPR.

Cookiebot is one of the few cookie consent solutions that does all of that.

In conclusion, the use of HubSpot can be GDPR compliant if you follow the above-mentioned requirements.

Resources


Try Cookiebot for free today.

vtldesign.com: Inbound marketing vs outbound marketing

The official GDPR law text

HubSpot's GDPR compliance page

HubSpot: Roadmap for GDPR Compliance

HubSpot GDPR compliance checklist

HubSpot.com

Make your website’s use of cookies and online tracking GDPR/ePR compliant today

Try for free