Perform a GDPR-compliant delete in HubSpot

Last updated: November 12, 2018


Under the General Data Protection Regulation (GDPR), an individual contact in your HubSpot contacts database has the right to request that you delete all the personal data you have about them. In these cases, the GDPR requires the permanent removal of their contact record from your database, including email tracking history, call records, form submissions, and other engagement data and activity.
You’ll typically need to respond to these requests within 30 days. The right to deletion is not absolute, and can depend on the context of the request, so it doesn’t always apply. 

Please note: while these features live in HubSpot, your legal team is the best resource to give you compliance advice for your specific situation.

To perform a GDPR-compliant deletion in HubSpot, you must be a Super Admin in your account and GDPR features must be enabled. Once you've confirmed the features are enabled:

  • In your HubSpot account, navigate to Contacts > Contacts.
  • Click the name of the contact. Please note that GDPR-compliant deletions can only be performed on individual contact records. You cannot perform GDPR-compliant deletions in bulk using lists of contacts or workflows.  
  • Below the contact's name at the top left, click Actions, then select Delete.
  • In the dialog box, select the "Delete this contact and all its associated content to follow privacy laws and regulations" radio button. Then click Delete.


Up to 30 days after this deletion is initiated, a GDPR-compliant purge will be performed, where the contact record along with the following information will be removed from your HubSpot account: 

  • Salesforce connector
  • Contacts data 
  • Analytics data
  • Calling data
  • Form submissions
  • Feedback data
  • Integrations data 
  • Emails
  • Notifications
  • Meetings 
  • Engagements
  • Conversations 
  • Bots 

If you have the ads add-on, when you perform a GDPR-compliant delete of a contact, they will also be deleted from your syncing Facebook ads audience, ensuring that you no longer send advertisements to this contact.

Please note: while the contact's personal data will be deleted, anonymized analytics data will remain. For example, the contact's sessions will continue to be reflected in your sources report, but you won’t be able to identify the individual contact. Similarly, if you’ve sent emails to the contact or the contact filled out a form, the analytics will still be reflected in the email performance (opens, clicks, etc.) and number of form submissions, but the contact's information will no longer appear. 

What happens if the deleted contact is added to my HubSpot account again?

The GDPR delete also involves a blacklist functionality, which will notify you in-app if you try to add a previously deleted contact to your HubSpot account again. This functionality is supported by anonymized data.
