It will affect all organisations that control or process the data of EU citizens, so even if your company is based outside the EU, the GDPR will apply to you.
This new legal framework will have profound implications in how marketers manage their relationship with prospects and customers.
It will come into effect on May 25, 2018, and penalties for violations will be significant.
In this article, you'll learn how to use HubSpot’s current set of GDPR-friendly features.
HubSpot can't help companies be fully compliant — you should seek legal advice if needed — but there are many GDPR-friendly features already available in the HubSpot software.
Under GDPR, a contact needs to be informed that their data will be stored and used by a company when they're submitting it. Consent will need to be “freely given, specific, informed, and unambiguous,” with companies using “clear and plain” legal language that is “clearly distinguishable from other matters.”
Since HubSpot helps you create your own landing pages and forms and add whatever text you wish, you already have the tools you need to inform your prospects on how you plan to use, store, and process their data and of their right to withdraw consent, all of which will help you meet your GDPR consent obligations.
Here’s how to enable consent tracking in forms in your HubSpot account:
You can see the step-by-step process here:
Double opt-in is a procedure that allows visitors who fill out a form to confirm they want to receive communications from you.
The GDPR is silent on whether this form of consent is required, and unless guidance to the contrary is issued by the EU or our supervisory authority, our view is that this is not mandatory under the GDPR.
That said, many businesses will prefer to use ‘double opt-in’ as an additional protective measure, obtaining consent from a specific individual.
Once enabled, the double opt-in feature sends an opt-in request email to all contacts who submit a form for the first time on your website. To start using it in your account, follow these steps:
Follow this step-by-step process in the short video below:
Individuals always had the right to request access to their data. But the GDPR enhances these rights. The timescale for processing an access request will also drop significantly from the current 40 day period.
HubSpot is working on functionality to ensure the service is fully GDPR compliant by the May 2018 deadline. Customers and prospects should follow our GDPR web pages for further updates in this area over the coming months.
That said, the HubSpot software already lets you export data from a person’s contact record from your HubSpot portal in a user-friendly format. It’s as simple as searching for the person’s contact record and then taking the desired action. The whole process takes seconds.
This will assist customers in complying with a contact’s request for a copy of their data, either to move to another provider or to check what personal data you hold about them in your HubSpot account.
Under the current legislation, individuals already have the right to ask you to modify or update data you hold on them in your systems (for example if they change email address). This will not change under the GDPR, but as we know, the penalties for breach under the GDPR are more severe.
Follow this step-by-step process to learn how to edit the information on any contact property:
When you send emails to prospects and customers using the HubSpot marketing software, they include an unsubscribe button, which allows customers to easily let you know that they want to withdraw consent to receiving marketing emails from you. This feature also helps companies comply with the EU E-Privacy legislation governing direct marketing.
On the other hand, our email preferences functionality allows customers and prospects to choose which categories of email they want to receive.
As you can see, there are many GDPR-friendly features you can use on your path to be compliant.
This new legal outlook is a great opportunity for marketers to revise how they're approaching their prospects and customers and what they can do to treat these relationships with the highest care.
We're sure that this regulation will move all marketers toward a more user-friendly experience, and it will help shape a more transparent way to do business.
Are you GDPR ready? Read through the checklist to find out more.
Disclaimer: This blog post is not legal advice for your company to use in complying with EU data privacy laws like the GDPR. Instead, it provides background information to help you better understand the GDPR. This legal information is not the same as legal advice, where an attorney applies the law to your specific circumstances, so we insist that you consult an attorney if you’d like advice on your interpretation of this information or its accuracy. In a nutshell, you may not rely on this as legal advice or as a recommendation of any particular legal understanding.
Important Note: The information in this blog post was relevant and accurate as of December, 2017. HubSpot will continue to work on product features that will help our customers comply with the GDPR in time for the go-live date of May 25, 2018.
This blog post was originally published on HubSpot's User Blog, and is reproduced here because of its relevance to partners.