Last updated: October 13, 2020
|All products and plans|
Under the General Data Protection Regulation (GDPR), contacts in your account have the right to request that you delete all of their personal data. When this happens, the GDPR requires that you permanently remove the contact record from your database, including email tracking history, call records, form submissions, and other engagement data and activity. Typically, these requests should be attended to within 30 days. The right to deletion is not absolute, and can depend on the context of the request, so it doesn’t always apply.
Please note: while these features live in HubSpot, your legal team is the best resource to give you compliance advice for your specific situation.
In HubSpot, GDPR-compliant deletion includes a blocklist functionality, which means that once a contact is GDPR-deleted, you will not be able to add them back to your account in the future. This functionality is supported by anonymized data. If a GDPR-deleted contact chooses to fill out a form on your website, they will be added back to your account.
Please note: while the contact's personal data will be deleted, anonymized analytics data will remain. For example, the contact's sessions will continue to be reflected in your sources report, but you won’t be able to identify the individual contact. Similarly, if you’ve sent emails to the contact or the contact filled out a form, the analytics will still be reflected in the email performance (opens, clicks, etc.) and number of form submissions, but the contact's information will no longer appear.
To delete a contact in compliance with GDPR:
If a record is already deleted and sent to the recycle bin (i.e., a normal delete and not a GDPR-compliant delete), you can still permanently delete it. This can apply to other standard object records such as companies, deals, and tickets.
Up to 30 days after this deletion is initiated, a GDPR-compliant purge will be performed. The record will be removed from your HubSpot account along with the following information:
If you have the ads add-on, when you perform a GDPR-compliant delete of a contact, they will also be deleted from your syncing Facebook ads audience, ensuring that you no longer send advertisements to this contact. HubSpot will not automatically delete any blog comments the contact left on your blog posts, so you will need to manually delete the blog comments.
The General Data Protection Regulation (GDPR) is a new EU regulation that replaced the 1995 EU Data...
When you use the Notice and Consent (GDPR) field group in forms or pop-up forms or the Privacy and Consent...
Find links to resources about HubSpot's General Data Protection Regulation (GDPR) functionality. Please note: