The General Data Protection Regulation (GDPR) is a new EU regulation that replaced the 1995 EU Data Protection Directive (DPD). The GDPR enhances the protection of the personal data of EU citizens and increases the obligations on organizations who collect or process personal data.
Please note: while these features live in HubSpot, your legal team is the best resource to give you compliance advice for your specific situation.
If you are a Super Admin or have Edit account defaults permissions enabled, you can turn on GDPR in your HubSpot account settings. This is a centralized place to automatically enable GDPR-compliant features throughout your HubSpot account:
- In your HubSpot account, click the settings icon settings in the main navigation bar.
- In the left sidebar menu, select Account Defaults.
- Click to toggle the EU General Data Protection Regulation (GDPR) switch on. To only send marketing emails to contacts with a legal basis to communicate, select the Only allow marketing emails to be sent to contacts who have a legal basis to communicate checkbox.
- Click Save.
Once GDPR is enabled, you'll have the following features in your account:
- Cookie consent banner toggled ON by default.
- GDPR delete functionality, which will give you the choice to either delete a contact and keep the option to restore within 90 days, or delete the contact fully to comply with GDPR.
- If you're using the HubSpot Sales extension or add-in, banners on contact records notifying you if a contact does not have a lawful basis for processing.
- GDPR-ready forms with a lawful basis notice and communication consent checkbox form field.
- Unsubscribe links turned ON by default for sales one-to-one and sequences emails.
- Meetings links that include the notice/consent messaging by default (meetings links created before enabling GDPR will not be updated to include this message).
- Ability to add communication consent and lawful basis for processing to contacts via a list import, bulk edit, or manual contact creation.
Please note: if you disable GDPR in your account, the cookie consent banner will not be automatically disabled.