Skip to content

GDPR and HubSpot: A Partnership for Privacy

author image
by June van der Weyden
22 min
Curious about how HubSpot complies with the stringent requirements of the General Data Protection Regulation (GDPR)? Read on! As a software company focusing on inbound marketing, sales, and customer service, HubSpot is obligated to handle customer personal data in a secure and legal manner. Explore how HubSpot addresses this and the useful tools they have implemented to assist your company in meeting GDPR requirements

What is GDPR?

As a company, it is important to understand what the General Data Protection Regulation (GDPR), also known as the 'Algemene Verordening Gegevensbescherming (AVG)', entails and how it applies to the processing of personal data of your customers. The GDPR is legislation that obligates your company to protect personal data and ensure the privacy of your customers. This means that your business must comply with a set of strict rules, including obtaining explicit consent from your customers. With the GDPR, your company has gained increased responsibility for safeguarding the privacy of your customers.

You must ensure that your company complies with GDPR requirements. This means having a clear privacy statement that describes the personal data you collect, why you do it, and how you secure this data. Ensure that your processes and systems comply with GDPR, such as implementing secure data storage and access controls.

By complying with GDPR, you demonstrate that you handle your customers' privacy carefully and are worthy of their trust. In short, GDPR protects the privacy of your customers and gives them more control over their personal data online. Furthermore, HubSpot's GDPR compliance is an essential aspect to consider when using the platform. The HubSpot privacy policy ensures full compliance with GDPR requirements.

Why is GDPR important?

As a business, GDPR is important because it ensures that you take responsibility for your customers' privacy. By complying with GDPR requirements, you show that you take their privacy seriously and are transparent about the personal data you collect, why you do it, and how you secure this data. GDPR not only protects customers' privacy but also offers benefits for your business. By complying with GDPR, you enhance the reliability and reputation of your business, leading to increased trust from customers, potentially resulting in more loyalty and revenue. Moreover, you reduce the risk of data breaches and penalties for non-compliance. In summary, GDPR is crucial for your business as it not only protects consumer privacy but also provides benefits.

Key GDPR requirements

Simply activating a cookie notification and sitting back is not enough. With increasing awareness of privacy laws, AVG, and GDPR, consumers are becoming more conscious of their rights. As a business, you cannot afford to send unsolicited emails. The key requirements of the General Data Protection Regulation (GDPR) are:

  • Consent: Obtain explicit consent from your customers to collect and process their personal data. This consent must be specific, voluntary, and unambiguous, with customers having the option to withdraw it at any time.
  • Transparency: Be transparent about the data you collect and why. Inform your customers about how their data is processed, how long you retain their data, and who has access to this data.
  • Right of access: Customers have the right to access their personal data held and processed by your company. Enable customers to view, correct, or delete their data when it is inaccurate, incomplete, or no longer relevant.
  • Data security: Protect customers' personal data from unauthorized access, theft, or loss. Implement technical and organizational measures to safeguard customers' personal data.
  • Data Protection Officer (DPO): In some cases, appoint a Data Protection Officer (DPO) responsible for overseeing the company's data protection practices and ensuring compliance with GDPR.

Non-compliance with GDPR can lead to high fines and reputational damage for your business. It is crucial to be aware of these requirements and take necessary steps to comply with GDPR. HubSpot's GDPR settings allow users to fully comply with GDPR requirements.

Implementing GDPR in HubSpot: What to consider Cookies & HubSpot

Cookies & HubSpot

HubSpot CMS (Content Management System) is a powerful web platform designed for businesses looking to manage, optimize, and expand their online presence. The platform offers a comprehensive set of tools and features, allowing you to easily create and manage attractive websites and landing pages. The platform provides a visual editor that simplifies content creation, editing, and publishing. Additionally, HubSpot CMS offers customisation options, enabling you to display specific content to specific visitors based on their demographic data, location, interests, and behavior.

Another significant advantage of HubSpot CMS is its integration with other HubSpot tools, including the CRM system, marketing automation, lead generation forms, analytics, and more. This enables you to optimise your marketing and sales activities and measure and analyze the performance of your website. In summary, HubSpot CMS is a comprehensive web platform that helps your business manage and expand your online presence. It offers advanced tools for content creation, personalisation, and analytics, enabling you to better integrate and optimize your marketing and sales efforts.

One of the benefits of using HubSpot CMS in conjunction with cookies is the ability to integrate information collected through cookies into HubSpot. This allows you to gain better insights into the behavior of your website visitors and understand their interests and needs. This, in turn, can help in creating personalised content and marketing campaigns that resonate with your target audience. In other words, cookies and HubSpot CMS are both essential tools for managing and optimising your website. By using them together, you gain valuable insights and better align your marketing and sales activities with the needs of your audience.

Customise your cookie banner with your unique style. With HubSpot, you have the ability to customize the layout of your cookie banner, creating an attractive user experience by aligning the look and feel of your cookies with your brand.

Moreover, with HubSpot, you have the flexibility to customise your cookie policy to comply with the requirements of different countries. You can choose to display the cookie banner based on visitors' countries. HubSpot provides built-in cookie policy functionality; customise the cookie banner according to your preferences and let visitors decide which cookies they accept.

With HubSpot, you effortlessly manage your cookie policy while optimising data collection to provide a personalised website experience. Additionally, the implementation of GDPR in HubSpot ensures that users comply with privacy requirements.


Cookie type

Did you know that there are different types of cookies? Each of these different types of cookies has its own specific function and purpose, including:

  • Functional cookies: These cookies are necessary to properly operate the website. For example, they may store the user's language preference or the contents of their shopping cart.
  • Analytical cookies: These cookies are used to collect information about how the website is used. They can track which pages are most visited, how long users stay on the website, and how they navigate.
  • Tracking cookies: These cookies are used to track and analyse user behavior on the website. For instance, they may gather information about which products or services users view or purchase and use this information to display targeted advertisements.

The use of cookies is subject to strict privacy laws in the European Union, such as the General Data Protection Regulation (GDPR). Websites are required to ask for user consent before storing cookies on their computers, and users must have the option to refuse or delete cookies.

With the HubSpot cookie banner, you can easily allow your users to adjust specific settings for each type of cookie.


GDPR in Forms, Documents & Meetings

As a company, it's crucial to comply with the General Data Protection Regulation (GDPR) guidelines when collecting, processing, and storing customers' personal data. This includes considering how you apply GDPR to forms, documents, and meetings. Providing clear information to the person whose data you are collecting is essential, including:

  • Why you are collecting the data
  • How you will use this data
  • Who has access to the data
  • How long you will retain the data

This information can be included in a privacy statement within the form or document. Additionally, you must ensure that the person whose data you are collecting has explicitly given consent for the use of this information. This can be achieved through an opt-in form where the person provides their consent voluntarily and has the option to withdraw it at any time.


Organising meetings is an essential part of business. With HubSpot, you can efficiently schedule meetings using the HubSpot meeting scheduler or other tools like Calendly. The HubSpot meeting scheduler integrates with your HubSpot CRM and other tools, making it easy to book and manage meetings. Whether scheduling an internal meeting or an external appointment with a client, the meeting scheduler simplifies the process, avoiding unnecessary back-and-forth emails.

However, it's crucial to consider that collecting personal data can impact how you organize meetings. It's essential to protect attendees' personal data and ensure it is not distributed beyond what is necessary. In summary, GDPR compliance should be an integral part of designing forms, documents, and meetings. This not only enhances privacy protection but also contributes to building trust between your company and your customers.

Email Subscription types

It's important for a company to have clear management of email subscriptions, allowing users to choose the types of emails they want to receive and the ability to unsubscribe from emails they no longer wish to receive. This can be done through a clear and simple unsubscribe link in each email. Clear communication and management of email subscriptions lead to increased customer satisfaction and better engagement from subscribers. The exact types of email subscriptions may vary by company, depending on goals and customer needs.

  • Opt-in: Contacts with this status have explicitly given permission to receive emails from your brand. This corresponds to the 'subscribed' status for a specific subscription type.
  • Not subscribed or default status: Contacts in this status have not yet decided whether they want to receive emails from your brand. You cannot email a contact in this status without obtaining explicit permission first.
  • Unsubscribed: Contacts in this status have opted out of receiving emails from your brand. You cannot email a contact if the status associated with the email subscription type is 'unsubscribed.'

Offering different subscription types allows your audience to receive specific content they are interested in, making your email communication more relevant and valuable to your subscribers. Here are some examples of emails you can send:

  1. Job Candidates Subscription: This email allows interested candidates to stay informed about new job openings, application tips, company news, and other relevant information related to career opportunities within your organisation.

  2. Blog Updates Subscription: Readers can subscribe to your blog and receive regular updates when new blog posts are published. This is an excellent way to keep your audience informed about valuable content and engage them with your thought leadership.

  3. Marketing Emails Subscription: This type of subscription allows people to receive promotional offers, product updates, exclusive discounts, and other marketing-related content. It enables you to send targeted messages to your audience and keep them informed about your products, services, and offers.

  4. Event Information Subscription Post Registration: After someone registers for an event, this option allows them to receive updates related to the event, such as program changes, speaker updates, logistical information, and other relevant details. This helps create engagement and ensures that participants are well-informed about the event they are attending

Lawfull basis of processing

The lawful basis for processing refers to the legal justification for why a company processes personal data under the General Data Protection Regulation (GDPR).

Under the General Data Protection Regulation (GDPR), companies must have a lawful basis to process personal data. This means that companies need a legal reason to collect, store, use, or share personal data with third parties. The GDPR recognises six different lawful bases for data processing, namely:

  • Consent of the data subject
  • Performance of a contract
  • Legal obligation
  • Vital interests of the data subject
  • Legitimate interests pursued by the data controller or a third party
  • Task carried out in the public interest

Your company must be able to demonstrate which lawful basis you are using for processing personal data. Keeping documentation of consent and other lawful purposes of processing is crucial. The use of HubSpot provides a convenient functionality to incorporate and manage these lawful bases. When creating forms in HubSpot, you can add settings to obtain consent from the data subjects, allowing users to give explicit consent for processing their data.

Additionally, when manually adding a subscription in HubSpot, you also need to record and fill in the consent of the data subject when adjusting the subscription. This ensures that the processing of personal data aligns with legal requirements and that data subjects have control over their data. By utilizing the functionalities built into HubSpot, you can ensure compliance with applicable laws and regulations.

Marketing contacts versus non-marketing contacts

As a company, you have different types of contacts in your database, including marketing and non-marketing contacts. Marketing contacts are individuals who have subscribed to your newsletter or other promotional emails, providing consent to be approached with marketing messages.

Non-marketing contacts are individuals who are customers or have interacted with customer service but have not given consent to be approached with marketing messages. It's important to separate these two types of contacts in your database and use the appropriate opt-ins to comply with GDPR requirements. For marketing contacts, valid consent is necessary, while for non-marketing contacts, legitimate interest may apply to process their data.

Additionally, it's crucial to distinguish between marketing and non-marketing contacts when sending emails. Marketing messages should always be sent to the right opt-ins to avoid sending unwanted emails to the wrong individuals.

In HubSpot, there is a clear separation between marketing contacts and non-marketing contacts. This demarcation even influences the pricing of HubSpot. The pricing for the HubSpot Marketing Hub, which includes email marketing functionalities, is based on the number of marketing contacts. Marketing contacts are those for whom explicit consent has been obtained and who are qualitatively relevant for marketing purposes. This means that HubSpot's pricing is not based on the total number of contacts in HubSpot but on the number of contacts actually considered as marketing contacts. This provides flexibility to use the platform for broader contact management purposes, as you only pay for the marketing contacts actively using it.

By categorising and pricing separately, you can focus on effectively approaching your marketing contacts while optimising the overall costs of using HubSpot. It enables your company to streamline marketing activities, communicate more effectively with marketing contacts, and, consequently, contribute to a more effective marketing strategy and better results.

Double opt-in

Double opt-in is a process where a person must sign up twice for an email list or newsletter to confirm their actual interest in your content. In the first step of the process, the person enters their email address and submits a request to sign up. Subsequently, the person receives an email with a link or button to confirm the subscription. Clicking on the link or button confirms that the person is genuinely interested in your content and gives consent to receive emails. Double opt-in is an essential method to ensure that only interested individuals are included in the list and to reduce the likelihood of spam complaints.


As a leading software platform for inbound marketing, sales, and service, HubSpot provides comprehensive support for GDPR compliance to its users. Here are some ways in which HubSpot supports its users concerning GDPR:

  • HubSpot has a dedicated GDPR webpage where users can find all the information about GDPR and HubSpot's compliance obligations.
  • It offers a Data Processing Addendum (DPA) for users processing their personal data through HubSpot software. This DPA document contains the necessary terms for securing and processing personal data in accordance with GDPR guidelines.
  • HubSpot provides various tools and features to assist users in managing their GDPR requirements, such as the ability to manage user preferences, comply with data access requests, and delete data.
  • It supports the ability to manage opt-ins through the double opt-in feature to ensure that only interested parties are included in lists.
  • HubSpot has an extensive training and documentation program for users to help them enhance their knowledge and understanding of GDPR and support them in their compliance obligations.

In conclusion, HubSpot recognises the importance of GDPR regulations and supports users in meeting their compliance obligations through tools, features, and documentation. By complying with GDPR requirements, HubSpot users can protect their customers' privacy and maintain their business reputation.


With the right knowledge and tools, HubSpot users can remain GDPR-compliant and optimize their efforts while continuing to harness the power of the platform to grow their businesses. Understanding what GDPR entails and its impact on HubSpot users improves your company's data management processes and preserves your customers' trust. In essence, by merging GDPR and HubSpot, you ensure stronger data security, higher customer satisfaction, and ultimately more success in your business operations.

Want to learn more? Schedule a conversation quickly and easily!

: This blog post is not legal advice for your company to comply with EU data privacy laws, such as the GDPR. Instead, it provides background information to help you better understand the GDPR. This legal information is not the same as legal advice, where an attorney applies the law to your specific circumstances, so we insist that you consult with a lawyer if you want advice regarding your interpretation of this information or its accuracy.

In short, you should not rely on this as legal advice or as a recommendation of any particular legal understanding.

Stay in touch



Subscribe to our newsletter