Track legal basis of processing in HubSpot

Under the General Data Protection Regulation (GDPR) and other data privacy laws, companies need a legal reason to use and process contact data and must keep records of consent and evidence of other legal purposes of processing. 

The contact property Legal basis for processing contact's data helps you collect, track, and store legal basis of processing via contract, legitimate interest, and/or consent for your HubSpot contacts. According to GDPR, businesses are required to have at least one of six legal bases as a valid reason for processing data. There may be more than one legal basis that fits each situation.

Please note: while HubSpot provides this feature, your legal team is the best resource to give you compliance advice for your specific situation.

View the property and understand each legal basis

• In your HubSpot account, click the settings settings icon in the main navigation bar.
• In the left sidebar menu, navigate to Properties.
• Search for and click the property Legal basis for processing contact's data.
• In the property, you can view six default property options. The first three options are different types of legitimate interests. A legitimate interest is when businesses have a necessary and legal business reason to process a contact's personal data in a way the contact would expect.
  
  • Legitimate interest - prospect/lead: When processing data from a prospect or lead to communicate about potential business. For example, processing a prospect's name and email after they've signed up to receive a newsletter. A prospect or lead is a contact that has expressed interest in a business but hasn't bought any goods or services.
  • Legitimate interest - customer: When processing data for a customer is necessary to support the ongoing business relationship. For example, updating a customer's address or sending them information about a new store opening. A customer is someone who has bought goods or services from a business.
  • Legitimate interest - other: When there's a legal reason for processing a contact's data in a way the contact would expect from the business, but the type of contact or business relationship doesn't match any of the other HubSpot categories given.
  • Performance of a contract: When processing contact data is needed to complete tasks under a contract or before formally starting a business relationship. For example, processing a contact's email addresses after they've requested a quote through email.

• • Freely given consent from contact: When a contact has given direct consent to process their personal data, for example when a contact creates an account profile with a business and agrees to communication. Consent should be specific, informed, and unambiguous.

• • Not applicable: When a legal reason to process contact data is not required. For example, the contact is not an EU citizen covered under GDPR privacy laws.

Please note: by selecting Legal basis for processing contact's data as Not applicable the contact will be eligible to receive emails from your account if they are included in the recipient list.

Grant legal basis 

You can add consent and legal basis to contacts when you:

• complete a list import.
•  create a contact.
• edit a legal basis for surveys. 
• give a one-time legal basis when you send an email to a contact. 
• grant it for a single contact. 
• grant it for contacts in bulk. 
• remove an opt-out of email status.
• resubscribe a contact to marketing emails after they opt out.
• subscribe a contact to a subscription type.
• update the subscription status of a contact with a workflow.

Grant legal basis for a single contact

• Navigate to Contacts in your HubSpot account. 
• Click the name of a contact.
• In the left panel, click View all properties. 
• Search for and click the Legal basis for processing contact's data property. 
• Select a value for the property, and at the bottom, click Save. 
  

Grant legal basis in bulk

To grant legal basis in bulk to your contacts:

• In your HubSpot account, navigate to Contacts > Contacts.
• Select the checkbox to the left of the records you want to edit, or select the checkbox to the left of the Name column, then click Select all [number] contacts to edit multiple contacts.
• Click More > Add legal basis for processing contact's data.
• In the dialog box, click the Legal basis for processing contact's data dropdown menu and select a legal basis for your contacts.

• Click Update

Please note: when using Gmail, Outlook desktop, or Office 365, email opens can only be tracked for contacts with an assigned legal basis. Learn more about email tracking with the Chrome extension when GDPR settings are enabled.