All Blog Posts

Hubspot GDPR and CCPA Compliance

In this article, we look at how to make sure your use of HubSpot is GDPR and CCPA compliant and how the Cookiebot consent management platform (CMP) app in HubSpot makes it simple and easy.

Updated November 23, 2020.

HubSpot is a widely used platform for marketing, sales and service management for websites.

HubSpot works through the use of cookies and trackers embedded on your website and in your emails – which requires you to comply with the GDPR and CCPA.

Cookiebot CMP App in HubSpot

GDPR and CCPA compliance made easy and automatic

Using HubSpot for your website’s inbound marketing puts third-party cookies and trackers in operation on your domain.

These will collect personal data from your users when they visit your website, such as IP addresses, search or browser history and unique IDs.

Being compliant with the GDPR and CCPA means to know exactly what cookies and trackers your website hosts, where they come from, who they send data to and how to take control of them so that the user can give their consent to the processing of their personal data and information.

Cookiebot CMP App in HubSpot App Marketplace

Cookiebot CMP offers its world-leading consent management as a seamless integration in the HubSpot App Marketplace.

Cookiebot CMP performs deep scans of your website to detect all cookies and trackers, and then automatically blocks them until the users give their consent or indicate their opt-out wishes through a simple but highly customizable consent banner.

Cookieboot Pop Up Banner - Cookiebot
Cookiebot CMP standard consent banner that enables full GDPR compliance for your website.

Simply find the Cookiebot CMP App and get started on full compliance for your website and its use of HubSpot.

Cookiebot CMP App in the HubSpot App Marketplace ensures plug-and-play compliance with the GDPR and CCPA on your website and bulletproof protection of your end-users’ data privacy while using HubSpot.

Try Cookiebot CMP free for 14 days… or forever if you have a small website

Go to the Cookiebot CMP App in HubSpot App Marketplace

Scan your website for free to see what cookies and trackers it uses

How does HubSpot work?

HubSpot has an umbrella of services that your website can use to increase traffic, optimize marketing leads and automate sales processes.

The HubSpot CRM includes –

  • Marketing Hub
  • Sales Hub
  • Service Hub
  • CMS Hub

HubSpot specializes in inbound marketing, i.e. getting customers to find your website via search engines, social media and other online platforms rather than having marketers reach out to customers.

Infographic of HubSpot’s inbound marketing model - Cookiebot
HubSpot’s inbound marketing model for converting leads to customers to promoters.

Inbound marketing consists of four steps –

1. Attracting visitors to your website

2. Converting them into leads by collecting information about them that can be stored in your HubSpot contact base

3. Converting leads into customers by utilizing the information collected on them; through personalized and targeted content that reaches the lead in the right moment and at the right time.

4. Engaging or delighting the customer with personalized content and attention is the last step in HubSpot’s inbound marketing model; whereby existing customers become crucial figures in attracting new visitors and potential customers.

On a practical level, this means anything from automating email sequence, scheduling and tracking, optimizing templates for repeated sales outreaches and predictive customer scoring.

In short, HubSpot can help you optimize and automate every part of your website’s marketing dimension.

Visit HubSpot and learn more about its services

Check out the Cookiebot CMP App in HubSpot App Marketplace

HubSpot and GDPR

Using HubSpot on your website isn’t by default non-compliant with the GDPR, but it requires you to implement a process of obtaining user consents before your process their personal data.

The General Data Protection Regulation (GDPR) protects the personal data of individuals inside the EU, regardless of where in the world the website processing their information is located.

The GDPR defines personal data broadly as any information relating to an identified or identifiable natural person, including online identifiers such as cookies that collect IP addresses, search and browser history, unique IDs and more.

Using HubSpot on your website therefore requires you to operate in compliance with the GDPR.

The GDPR requires you to –

  • Inform your users of all cookies and trackers in operation; their duration, provider and purpose.
  • Ask for and obtain the explicit consent from end-users before processing any personal data.
  • Block all cookies and trackers from activation before the end-user has given their consent to which they will allow to operate on your site during their visit.
  • Document all obtained consents and renew consents at least once per year.
  • Enable users to be able to change their consent state or revoke their consent entirely in as easy a way as they gave it.

If your website uses HubSpot to e.g. track user behavior on your website or detect when they open and read an email, these processes process personal data, to which users must first give their consent.

Cookiebot CMP – and the Cookiebot CMP App in HubSpot – manages user consent through a simple and easy-to-understand consent platform that allows users to quickly get an overview of what cookies and trackers are in use, what kind of personal data they collect and whether they wish to allow their activation.

By asking for and obtaining user consent prior to any activation of third-party cookies, you ensure that your website and its use of HubSpot is in full compliance with the General Data Protection Regulation (GDPR).

Learn more about GDPR and consent

Try Cookiebot CMP free for 14 days… or forever if you have a small website

Visit the Cookiebot CMP App in the HubSpot App Marketplace

Checklist: steps to make your use of HubSpot GDPR compliant

Making your website’s use of HubSpot GDPR compliant is super simple – with the Cookiebot CMP App available in the HubSpot App Marketplace, GDPR compliance becomes a seamless integration into all HubSpot services.

Cookiebot CMP helps your website live up to all GDPR requirements for personal data processing on websites.

Important GDPR requirements to be aware of are –

Make sure that the actual data processing that is going on on your website is clearly stated, for example in your privacy policy. It is a requirement of the GDPR, that the information on the data collection…

  • is specific and up-to-date at all times,
  • is written in a plain and understandable language,
  • provides clear instructions on how one may opt in and out of one’s data being collected.

Read more about the requirements and how to comply in our article on privacy policy.

Do you have a proper cookie policy in place? The cookie policy should be accessible for your users, and outline what cookies are in use, what purpose they serve, and how one may opt in and out of them.

It doesn’t matter whether your cookie policy is an independent document or integrated in your privacy policy, as long as the information is easily accessible for your users.

Read more about the requirements for the cookie policy and how to comply with them.

Obtaining proper consent to the use of cookies from your visitors is a crucial part of rendering your website compliant with the GDPR.

In order to be compliant, the consent has to be –

  • Obtained prior to the setting of the cookies on the user’s browser (strictly necessary cookies are excepted from this rule)
  • Given on the basis of clear and specific information about what the consent is given to
  • Withdrawable. The user must have access to their settings and make changes to what cookies they want to accept and reject.
  • Kept as documentation that the consent has been given.

Learn more about the GDPR and privacy policies

Check out the Cookiebot CMP App in the HubSpot App Marketplace for GDPR compliance

HubSpot and CCPA

California Consumer Privacy Act (CCPA) took effect on January 1, 2020 and regulates how businesses are allowed to collect and sell the personal information of California residents.

Unlike the European GDPR, the CCPA does not require websites to obtain the prior consent of users before they are allowed to collect, process or sell personal data.

Instead, the CCPA empowers users with the rights to know what data has already been collected, demand it deleted and opt out of further data sales to third parties.

Cookiebot CMP enables full CCPA compliance for your website as well as GDPR compliance. 

Cookiebot CCPA compliant cookie declaration screenshot - Cookiebot
CCPA compliant notice from Cookiebot CMP.

When it comes to complying with the CCPA using HubSpot, most of the functions that HubSpot implemented in the wake of the GDPR can be used, e.g. when it comes to complying with deletion requests.

Learn more about CCPA compliance with Cookiebot CMP

Read HubSpots own guide to CCPA compliant use here

Check out the Cookiebot CMP App in the HubSpot App Marketplace for CCPA compliance


Is HubSpot GDPR compliant?

HubSpot helps websites manage their inbound marketing. To do this, your website will use third-party analytics and marketing cookies from HubSpot that will process personal data from your users. The GDPR requires you to ask for and obtain the explicit consent of users before you’re allowed to do so.

Make your use of HubSpot GDPR compliant with Cookiebot CMP

Is HubSpot CCPA compliant?

The CCPA requires your website to inform users that you use HubSpot, what kinds of personal information you process and share with HubSpot and how they can opt out of having their data processed.

Make your use of HubSpot CCPA compliant with Cookiebot CMP

How do my website use HubSpot in GDPR compliance?

The most important thing is to ask for and obtain the consent of your end-users to process their personal data through cookies and trackers on your website and in emails. You also need to inform users through your cookie policy and privacy policy that you use HubSpot, what kind of personal data HubSpot’s third-party cookies process, how long they remain active and how they can revoke their consent to such processing activities.

Learn more about GDPR compliance

How do my website use HubSpot in CCPA compliance?

You will need to inform users through your privacy policy that you use HubSpot, what kind of personal information HubSpot’s third-party cookies collect on your website, how they can gain access to collected data, have it deleted and opt out entirely of having personal information collected and shared with a third-party like HubSpot.

Learn more about CCPA compliance


Try Cookiebot CMP for free today

Visit the Cookiebot CMP App in HubSpot for GDPR and CCPA compliance

Learn more about GDPR compliance

General Data Protection Regulation (GDPR)

California Consumer Privacy Act (CCPA) Inbound marketing vs outbound marketing

The official GDPR law text

HubSpot’s GDPR compliance page

HubSpot: Roadmap for GDPR Compliance

HubSpot GDPR compliance checklist