Track legal basis of processing in HubSpot

Under the General Data Protection Regulation (GDPR) and other data privacy laws, companies need a legal reason to use and process contact data and must keep records of consent and evidence of other legal purposes of processing. 

The contact property Legal basis for processing contact's data helps you collect, track, and store legal basis of processing via contract, legitimate interest, and/or consent for your HubSpot contacts. According to the GDPR, businesses are required to have at least one legal basis as a valid reason for processing data. There may be more than one legal basis that fits each situation.

Please note: while HubSpot provides this feature, your legal team is the best resource to give you compliance advice for your specific situation.

View the property and understand each legal basis

• In your HubSpot account, click the settings settings icon in the top navigation bar.
• In the left sidebar menu, navigate to Properties.
• Search for and click the property Legal basis for processing contact's data.
• In the property, you can view six default property options. The first three options are different types of legitimate interests. A legitimate interest is when businesses have a necessary and legal business reason to process a contact's personal data in a way the contact would expect.
  
  • Legitimate interest - Lead: When processing data from a prospect or lead to communicate about potential business. For example, processing a prospect's name and email after they've signed up to receive a newsletter. A prospect or lead is a contact that has expressed interest in a business but hasn't bought any goods or services.
  • Legitimate interest - Customer: When processing data for a customer is necessary to support the ongoing business relationship. For example, updating a customer's address or sending them information about a new store opening. A customer is someone who has bought goods or services from a business.
  • Legitimate interest - Other: When there's a legal reason for processing a contact's data in a way the contact would expect from the business, but the type of contact or business relationship doesn't match any of the other HubSpot categories given.
  • Performance of a contract: When processing contact data is needed to complete tasks under a contract or before formally starting a business relationship. For example, processing a contact's email addresses after they've requested a quote through email.

• • Freely given consent from contact: When a contact has given direct consent to process their personal data, for example when a contact creates an account profile with a business and agrees to communication. Consent should be specific, informed, and unambiguous.

• • Not applicable: When a legal reason to process contact data is not required. For example, the contact is not an EU citizen covered under GDPR privacy laws.

Please note: by selecting Legal basis for processing contact's data as Not applicable the contact will be eligible to receive emails from your account if they are included in the recipient list.

Grant legal basis 

After you turn on data privacy settings, you can add consent and legal basis to contacts during the following:

• Completing a list import.
• Creating a contact.
• Editing a legal basis in surveys. 
• Giving a one-time legal basis when you send an email to a contact. 
• Granting it for a single contact. 
• Granting it for contacts in bulk. 
• Removing an opt-out of email status.
• Resubscribing a contact to marketing emails after they opt out.
• Subscribing a contact to a subscription type.
• Updating the subscription status and Legal basis for processing contact's data property of a contact in a workflow.

Grant legal basis for a single contact

• In your HubSpot account, navigate to CRM > Contacts.
• Click the name of a contact.
• In the left panel, click Actions and select View all properties. 
• Search for and click the Legal basis for processing contact's data property. 
• Select the checkboxes next to the values that you'd like to use.
• At the bottom, click Save.

Grant legal basis in bulk

To grant legal basis in bulk to your contacts:

• In your HubSpot account, navigate to CRM > Contacts.
• To select specific contacts, select the checkbox next the records you want to edit.
• To select all contacts, select the checkbox at the top of the table, then click Select all [x] contacts.
• At the top of the table, click More and select Add legal basis for processing contact's data.
• In the dialog box, click the Legal basis for processing contact's data dropdown menu and select the checkboxes next to the options that you'd like to apply to your contacts.
• Click Update.