HubSpot's GDPR Tools & How to Use Them

HubSpot offers a set of tools that allow companies to comply with the GDPR. These tools are available in both the free and paid versions of HubSpot.


The General Data Protection Regulation (GDPR) is a set of regulations introduced by the European Union to protect the privacy of EU citizens by regulating how businesses collect, use, and store their personal data. Compliance with GDPR regulations is essential for businesses that want to operate in the EU and avoid hefty fines for non-compliance.

The GDPR is a complex set of regulations with many requirements, making it challenging for businesses to comply with them fully. However, using HubSpot's GDPR tools can help businesses comply with the regulation and protect the data of their customers and website visitors. HubSpot GDPR Tools is a suite of features designed to help businesses comply with GDPR regulations, including the Cookie Consent Banner, Cookie Policy Generator, User Consent Logs, DSAR Tool, and HubSpot Cookie Scanner.

In this blog post, we will explore each of the HubSpot GDPR tools in detail and explain how they can help businesses comply with GDPR regulations. But before we dive into the tools, let's take a closer look at the GDPR and why compliance is essential for businesses operating in the EU.

What is GDPR?

The General Data Protection Regulation (GDPR) is a set of regulations introduced by the European Union to protect the privacy of EU citizens by regulating how businesses collect, use, and store their personal data. The regulation sets out strict rules about how personal data must be collected, used, and protected. It gives individuals the right to know what personal data is being collected about them, the right to have that data erased, and the right to object to its use. 

The regulation applies to any company that processes or intends to process the data of individuals in the EU, regardless of whether the company is based inside or outside the EU. The regulation came into force on May 25, 2018.

The UK's Information Commissioner's Office (ICO) is still following the GDPR, and many other countries worldwide have started applying GDPR as a standard to protect the privacy of their citizens. 

In the United States, the California Consumer Privacy Act (CCPA) is a state-wide data privacy law that protects the personal data of Californian residents from privacy violations. The CCPA regulates the use of cookies that sell personal information, similar to the GDPR. The CCPA has set new standards for privacy laws in the United States, and other states are beginning to follow California's lead by introducing similar laws. 

It's important for businesses to comply with these privacy laws to protect the personal data of their customers and website visitors. Failure to comply with these laws can result in hefty fines and damage to a business's reputation. By complying with privacy laws like the GDPR and CCPA, businesses can build trust with their customers and protect their data from potential privacy violations [[1](https://gdpr.eu/what-is-gdpr/)].

What are the goals of GDPR?

  1. Transparency, fairness and lawfulness.
  2. Purpose limitation.
  3. Data minimisation.
  4. Accuracy.
  5. Storage limitation.
  6. Integrity and confidentiality (security).
  7. Accountability.

What are the benefits of GDPR?

The benefits of GDPR are twofold:
First, it strengthens the privacy rights of individuals by giving them more control over their personal data.
Second, it creates a level playing field for companies that process data, regardless of where they are located.

By giving individuals more control over their personal data, GDPR will help to build trust between individuals and companies. This trust is essential for the digital economy to function properly.
By creating a level playing field for companies that process data, GDPR will promote competition and innovation. This will benefit consumers by giving them more choices and better quality products and services.

What are the Data Protection Rights?

  • The right to be informed about the collection and use of their personal data
  • The right to access the data you hold about them.
  • The right to rectification of the data you hold about them.
  • The right to erasure of the data you hold about them.
  • The right to restrict the processing of their personal data or the use of their personal data for a particular purpose.
  • The right to data portability, if they have provided personal data to you directly
    and you are using it with their consent to provide them with more details
    about you as a company, or in the performance of a contract as a supplier to them.
  • The right to object to you holding data about them.
  • Rights in relation to automated decision-making and profiling.

What are the penalties for non-compliance?

The penalties for non-compliance with GDPR are severe. Companies can be fined up to 4% of their annual global turnover or €20 million, whichever is greater.

What are the steps my company needs to take to comply with GDPR?

There are a number of steps your company will need to take in order to comply with GDPR. These include:

1. Appoint a data protection officer (DPO).
2. Conduct a data audit to identify what personal data you hold and where it came from.
3. Develop policies and procedures to ensure compliance with GDPR.
4. Train staff on GDPR and ensure they understand their obligations.
5. Put in place mechanisms to allow individuals to exercise their rights under GDPR.
6. Establish processes for dealing with data breaches.
7. Register with the supervisory authority if you are processing large amounts of data or if you are processing sensitive data.
8. Assess the impact of your business activities on the privacy of individuals (Data Protection Impact Assessment).
9. Obtain consent from individuals before collecting, using, or sharing their personal data.
10. Keep records of your compliance with GDPR.

Your company will also need to review its contracts with third-party service providers to ensure they comply with GDPR. Failure to comply with GDPR can result in severe penalties, including fines of up to 4% of annual global turnover or €20 million (whichever is greater).


What is a Data Controller, Data Processor and Sub-Processor?

Data protection regulates how information is shared between data controllers and data processors, each with its own designated responsibilities and means for meeting data protection regulations. The goal is to take all possible means to protect individual privacy while storing and sharing information about website users, prospects and customers for transparent purposes. 

Data Controller:

A website owner, or a company that collects personally identifiable information such as website cookies, or email addresses recorded as leads through web contact request forms.

A data controller must define the purposes and means of processing personal data such as information about website users (Inbound Scaling Ltd is the data controller for the website inboundscaling.com).

Data Processor:

Responsible for processing personal data on behalf of a data controller. Examples of Data Processors we use include online advertising systems such as Google Ads, Facebook Ads, and LinkedIn Ads, as well as the web analytics tool Google Analytics. 

Data Sub-processor:

In today’s internet age, most companies use third-party hosted cloud software and services such as web hosting, accounting software, online banking, website CMS platforms and CRM systems. You may employ third-party companies and individuals (“Service Providers”) to facilitate your service, to provide the service on your behalf, to perform a service-related activity or to assist you in analysing how your service is used. These third parties should have access to personal data only to perform these tasks on your behalf and are obligated not to disclose or use it for any other purpose. This covers any third-party company that provides specialist services, such as an accountant, auditor, web hosting company, web developer or sub-contractor.

What is the difference between GDPR and the Data Protection Act?

The Data Protection Act is a UK law that sets out how personal data must be collected, used, and protected. It gives individuals the right to know what personal data is being collected about them, the right to have that data erased, and the right to object to its use.

The Data Protection Act applies to any company that processes or intends to process the data of individuals in the UK. GDPR is an EU regulation that sets out similar rules about how personal data must be collected, used, and protected. It gives individuals the same rights as those set out in the Data Protection Act, but with some additional rights. For example, GDPR gives individuals the right to know why their data is being collected and the right to have their data erased (“right to be forgotten”).

GDPR applies to any company that processes or intends to process the data of individuals in the EU, regardless of whether the company is based inside or outside the EU.

GDPR Compared with the Data Protection Act

The General Data Protection Regulation (GDPR) is an EU regulation that sets out similar rules about how personal data must be collected, used, and protected. It gives individuals the same rights as those set out in the Data Protection Act, but with some additional rights. For example, GDPR gives individuals the right to know why their data is being collected and the right to have their data erased (“right to be forgotten”).

The main difference between GDPR and the Data Protection Act is that GDPR applies to any company that processes or intends to process the data of individuals in the EU, regardless of whether the company is based inside or outside the EU. The Data Protection Act only applies to companies that are based in the UK.

How to Opt-out of third-party Cookies

When people visit your website, they should have the option to accept or reject your privacy and cookie policy. If they do accept your cookie policy, and your website contains tracking codes such as Google Analytics, Google Ads and the Facebook pixel, you will share their data with Google, Facebook and other data processors. Sharing cookie data with these data processors allows you to remarket adverts to your visitors. Your website visitors can still opt out of seeing your ads by following the instructions below.

Disable website cookies

Cookies help you to get the most out of our websites. However, if you wish to disable our cookies, follow the steps provided by your browser (e.g. Chrome, Firefox, Safari).

How to Opt-out of adverts shown by Google Ads
https://www.google.com/settings/anonymous
https://support.google.com/adsense/

How to Opt-out of adverts shown by Facebook Ads.
https://en-gb.facebook.com/opt-out

How to Opt-out of adverts shown by LinkedIn Ads.
https://www.linkedin.com/opt-out

How to Opt-out of adverts shown by Twitter Ads.
https://help.twitter.com/privacy-controls-for-tailored-ads

General information on the practice of display and social advertising in the EU and America

Users of the world wide web who are based in the UK and the rest of the European Union can visit www.youronlinechoices.eu, and users based in the US can visit http://www.aboutads.info/choice
The above websites are independent of Inbound Scaling Ltd, and we are not responsible for their content.

GDPR Tips

  • Know the difference between GDPR and the Data Protection Act.
  • Be aware of the additional rights that GDPR gives individuals.
  • Make sure you have policies and procedures in place to comply with GDPR.
  • Train your staff on GDPR and make sure they understand their obligations.
  • Put in place mechanisms to allow individuals to exercise their rights under GDPR.
  • Establish processes for dealing with data breaches.
  • Register with the supervisory authority if you are processing large amounts of data or if you are processing sensitive data.
  • Assess the impact of your business activities on the privacy of individuals (Data Protection Impact Assessment)
  • Obtain consent from individuals before collecting, using, or sharing their personal data
  • Keep records of your compliance with GDPR.
  • Your company will also need to review its contracts with third-party service providers to ensure they comply with GDPR.

How your website users can exercise their GDPR Rights with you

Your website privacy policy informs site users how you collect and use their data and your purposes for processing their personal data.

Your website cookie banner gives users the choice of accepting or rejecting your privacy and cookie policies. You should give them transparency on what data you collect and how you collect it, as well as the control to prevent or restrict the sharing of their data.

You should not share client data with data processors like Google and Facebook unless they choose to accept your cookie banner policy.  

How do your website users exercise their right to access the data you hold about them?

They can make a subject access request for details and a copy of the personal data you have about them. All subject access requests should be made in writing and sent by email to your DPO.

They can also ask you for copies of their personal information in writing or verbally. This is called the right of access and is commonly known as making a SAR (subject access request). 

How to exercise their right to rectification of the data you hold about them?

They can make a request for rectification verbally or in writing. You shall respond to them within the permitted time of 1 month or sooner with confirmation of the updated changes.

How to exercise their right to erasure of the data you hold about them?

Also known as 'the right to be forgotten', this is the right to the erasure of the data you hold about someone, and you must provide it. They have the right to ask you whether or not you are using or storing their personal information. They can request what information you have recorded about them. This includes contact details you have previously been provided with, like their email address, phone number and first-party website cookie and IP data.

They can exercise their right with a written request to your organisation, addressed to your Data Protection Officer (DPO).
Upon request, you shall delete all electronic records you have of them, including their email and contact record from your CRM system, as well as their first-party website cookie history. For past customers, the only information you are obligated to maintain is invoices and payment history for financial accounting compliance.

How to exercise their right to restrict the processing of their personal data or use their personal data for a particular purpose?

They can limit the way your organisation uses their data. This is an alternative to requesting the erasure of their data.
For example, they can unsubscribe from your email marketing emails while still being able to use your website or be a customer. They can contact you to exercise their right to restrict the processing of their personal data. 

How can they exercise their right to data portability?

They can request their personal data from you in a format that is structured, commonly used, and machine-readable.

How to exercise their right to object to you holding data about them?

They can object to the processing of their data when it is carried out:

  • for a task carried out in the public interest;
  • for the exercise of official authority;
  • for their legitimate interests;
  • for scientific or historical research, or statistical purposes; or
  • for direct marketing purposes.

In order to object, they should inform you directly that they don’t want you to process their data and explain why they believe you should stop using their data in this way. They can make their request verbally or in writing.

How to exercise their rights in relation to automated decision-making and profiling.

They have the right to not be subject to a decision based solely on automated processing. Processing is “automated” where it is carried out without human intervention and where it produces legal effects or significantly affects them.

An example of automated decision-making and profiling is applying for credit on their behalf without their consent. You should not automate processing and profiling that will have any legal or significant effects on them.


Google Analytics and GDPR

Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google Analytics uses cookies to collect anonymous visitor data, which is then used to generate reports about website usage trends.

Under GDPR, companies must obtain consent from individuals before collecting or using their personal data. This includes cookies and other similar technologies that are used to track website visitors. As a result, Google has updated its terms of service for Google Analytics to require customers to get consent from individuals before using the service.

If you use Google Analytics on your website, you will need to update your privacy policy to include information about the use of cookies and how individuals can opt out of having their data collected. You will also need to add a notice on your website that informs visitors that you are using Google Analytics and that they can opt out of having their data collected.

The Google Analytics terms of service also require customers to keep their privacy policy up to date and to provide individuals with an easy way to opt out of having their data collected. Google has released a tool that allows website owners to generate the necessary code to add the opt-out notice to their website. You can find more information about Google Analytics and GDPR here


Google Ads GDPR

Google Ads is a service offered by Google that allows businesses to place ads on Google.com and other Google properties.

Under GDPR, companies must obtain consent from individuals before collecting or using their personal data. This includes cookies and other similar technologies that are used to track website visitors. As a result, Google has updated its terms of service for Google Ads to require customers to get consent from individuals before using the service.

If you use Google Ads on your website, you will need to update your privacy policy to include information about the use of cookies and how individuals can opt out of having their data collected. 

Facebook and GDPR

Facebook is a social networking service that allows users to connect with friends and family.

Under GDPR, companies must obtain consent from individuals before collecting or using their personal data. This includes cookies and other similar technologies that are used to track website visitors. As a result, Facebook has updated its terms of service to require customers to get consent from individuals before using the service.

If you use Facebook on your website, you will need to update your privacy policy to include information about the use of cookies and how individuals can opt out of having their data collected. You will also need to add a notice on your website that informs visitors that you are using Facebook and that they can opt out of having their data collected.

Using HubSpot with GDPR

HubSpot offers a set of tools that allow companies to comply with the GDPR. These tools are available in both the free and paid versions of HubSpot. In this blog post, we will show you how to use HubSpot's GDPR tools to protect the data of your customers and website visitors.

HubSpot GDPR Tools is a suite of features that help businesses comply with the General Data Protection Regulation (GDPR) introduced by the European Union. The GDPR is a set of rules that aim to protect the privacy of EU citizens by regulating how businesses collect, use, and store their personal data. In this blog post, we will explore each of the HubSpot GDPR tools and how they can help businesses comply with GDPR regulations.

HubSpot's GDPR Tools


1. Cookie Consent Banner:
The Cookie Consent Banner is a tool that appears on your website, informing visitors that you use cookies to collect their personal data. The banner includes a link to your privacy policy, where visitors can find more information about the data you collect and how you use it. This tool helps businesses comply with GDPR regulations, which require businesses to obtain consent before collecting personal data through cookies.

2. Cookie Policy Generator:
The Cookie Policy Generator is a tool that creates a privacy policy for your website. This privacy policy explains how you collect, use, and store data through cookies, and provides visitors with the information they need to make an informed decision about whether to allow cookies on your website. The Cookie Policy Generator is fully customizable and can be tailored to your business needs.

3. User Consent Logs:
User Consent Logs are a feature that records when a visitor gives consent to the use of cookies on your website. This tool allows businesses to demonstrate GDPR compliance by showing that they have obtained consent before collecting personal data. The User Consent Logs also provide an audit trail that businesses can use to show that they have followed GDPR regulations.

4. Data Subject Access Request (DSAR) Tool:
The Data Subject Access Request (DSAR) Tool is a feature that allows businesses to handle requests from individuals who want to access their personal data. The tool streamlines the process of responding to DSARs and ensures that businesses are complying with GDPR regulations. The DSAR Tool provides a centralized location for managing DSARs and allows businesses to track their progress.

5. HubSpot Cookie Scanner:
The HubSpot Cookie Scanner is a new tool that helps businesses identify cookies on their website and determine whether they are compliant with GDPR regulations. The tool scans your website for cookies and generates a report that identifies non-compliant cookies. The report also includes recommendations for how to make the cookies compliant. The HubSpot Cookie Scanner is an essential tool for businesses that want to ensure GDPR compliance. 

Conclusion

In conclusion, HubSpot GDPR Tools is a set of features that help businesses comply with GDPR regulations. These tools include the Cookie Consent Banner, Cookie Policy Generator, User Consent Logs, DSAR Tool, and HubSpot Cookie Scanner. Each tool plays a vital role in ensuring GDPR compliance, and businesses should consider using them to protect the privacy of their customers. With the new HubSpot Cookie Scanner, businesses can quickly identify non-compliant cookies and take action to ensure compliance.

By using HubSpot GDPR Tools, businesses can demonstrate their commitment to protecting the privacy of their customers and website visitors. They can also build trust with their customers by providing transparency in their data processing activities. In conclusion, HubSpot GDPR Tools is an essential suite of features that businesses should consider using to help comply with GDPR regulations and protect the privacy of their customers.
