Skip to content

Turn on GDPR privacy settings in your HubSpot account

Last updated: September 21, 2023

Available with any of the following subscriptions, except where noted:

All products and plans

The General Data Protection Regulation (GDPR) is an EU regulation that replaced the 1995 EU Data Protection Directive (DPD). The GDPR enhances the protection of the personal data of EU citizens and increases the obligations on organizations who collect or process personal data. 

Please note: while these features live in HubSpot, your legal team is the best resource to give you compliance advice for your specific situation.

If you are a Super Admin or have Edit account defaults permissions turned on, you can turn on GDPR in your HubSpot account settings. This is a centralized place to automatically enable GDPR-compliant features throughout your HubSpot account: 

  • In your HubSpot account, click the settings settings icon in the main navigation bar.
  • In the left sidebar menu, select Privacy & Consent
  • Click to toggle the General Data Protection Regulation (GDPR) privacy settings switch on. In the pop-up box, click Yes, turn on GDPR settings.
    • To only send marketing emails to contacts with a legal basis to communicate, select the Legal basis for emails checkbox. Click Save. Then, to only send customer feedback surveys after setting a default consent method for contacts, click Edit legal basis for surveys. You will then need to choose a default legal basis to communicate, which will be assigned to all contacts.

Please note: legal basis to communicate is email address-based. Contacts must give consent for each email address they would like to receive emails for.

  • Click Save.


When the Legal basis required checkbox is selected, all subscription types on a contact's email subscription page will be unchecked by default.

Once GDPR is enabled, you'll have the following features in your account: 

  • Cookie consent banner toggled ON by default.
  • If you're using the HubSpot Sales extension or add-in, banners on contact records notifying you if a contact does not have a legal basis for processing.
  • GDPR-ready forms with a legal basis notice and communication consent checkbox form field for newly created forms. For existing forms, you will need to add notice and consent information for each form.
  • Unsubscribe links turned ON by default for sales one-to-one and sequences emails for users added after GDPR is enabled. For existing users, this will remain the same based on their previous setting.
  • Scheduling pages that include the notice/consent messaging by default (scheduling pages created before enabling GDPR will not be updated to include this message).
  • Ability to add communication consent and legal basis for processing to contacts via a list import, bulk edit, or manual contact creation.
GDPR delete functionality is available to all accounts. This will give you the choice to either delete a contact and keep the option to restore within 90 days, or delete the contact fully to comply with GDPR. 

Please note: if you turn off GDPR in your account, the cookie consent banner will not be automatically turned off. 

Continue setting up GDPR functionality by clicking the setup tasks under GDPR privacy setup.



Was this article helpful?
This form is used for documentation feedback only. Learn how to get help with HubSpot.