The recent change in Europe’s General Data Protection Regulation (GDPR) is quickly affecting business policy across the US. This legal framework is a set of principles or guidelines that manage data collection and the processing of personal information. EU GDPR requires that companies obtain explicit consent from individuals residing in Europe before collecting personal data. Failure to do this can result in a substantial fee and possibly other consequences. This non-solicitation regulation affects US industries due to the collection of marketing data that occurs across all continents and on multiple channels within the web.
Fortunately, HubSpot is one step ahead of the game. The company has incorporated digital support for businesses, like Big Presence, who have taken the initiative in updating their companies as well as their own privacy policies and practices in due diligence. This blog will discuss what steps to take to ensure that your company is complaint and how HubSpot is helping to make the process more efficient and simple.
Tackling GDPR Changes Using Hubspot
There are few main things to look at as you’re preparing to making revisions in compliance to GDPR. Most GDPR guidelines are designed to help contacts to specify what they want to receive from a business and to assist with data collection transparency. Taking note of the specifications will helps to guarantee confidence that your company is protected. To make things easier, HubSpot has designed a toggle and updated software functionality for HubSpot users to assist with most policy clauses. Here we’ve listed some notable GDPR regulation standards along with the HubSpot features that are designed to help:
- Lawful Basis of Processing. Companies must have a legal reason for contacting and individual.
HubSpot Feature: A new property has been added to track lawful basis, allowing the controller to manually edit or automate when a contact signs a contract. - Consent / Withdrawal of Consent. Contacts must affirmatively opt-in and have the option to opt-out of data collection. Consent must be granular. Pre-checked boxes are not valid.
- Cookies. Notice of cookie tracking must be provided along with notification of consent.
HubSpot Feature: Notification for enabling cookies and affirmative opt-in on HubSpot hosted sites will now be defaulted to the appropriate language based on location.> - Deletion. Individuals can request for removal of past data collection. Removal must be permanent, including all email history, call records, form submissions, etc.
HubSpot Feature: A tool for permanent deletion is available. - Data Access, Portability & Modification. Request for data access by individuals must be provided in readable format. Personal data must be modified per user request if it is incorrect or incomplete.
HubSpot Feature: Data can be exported and modified through the HubSpot contact record. - Security.All collected data must be protected.
HubSpot Feature: Security features on all HubSpot accounts have been upgraded.
HubSpot Feature: Tools have been designed help to manage consent via forms, messages and meetings. Forms can be hyperlinked with policies and subscription pages updated. Other contact creations such as imports, APIs and manual additions will also include consent tracking. Contacts can opt-out via subscription preferences.
GDPR Compliance: Your First Steps
Once you’ve taken a look at GDPR standards and analyzed the best way for your company to get updated, it’s important to begin taking protective measures immediately. We recommend reviewing active company web pages and any related communication automation. Here are some steps to get you started:
- Update Your Privacy Policy. Include a privacy policy bar at the top or bottom of your website, notifying users of tracking cookies. Make sure that the policy is visible, up-to-date with GDPR compliance, and that you have acknowledged that users can either accept or decline.
- Notify Users on all Forms. Make sure to include a statement on forms to notify users of the privacy policy and their right to unsubscribe.
- Revise Email Automations. The policy states that initial contact is only permissible if the individual has shown legitimate interest in the business. Remember to make changes to any email automations your company has in place that can result in a cold email to Europe.
As you make these updates, remember that these new regulations only apply to contacts in Europe. It might also be helpful to go back and review the GDPR clauses as you modify. Best of luck!