Skip to content

How to Cure Post-GDPR Marketing Compliance

June 09, 2018

The GDPR came into play on the 25th of May. It means that businesses need to follow new rules for processing data and using data for communications.

In case you’ve been living under a rock for the last year, the GDPR came into play on the 25th May.

“The aim of the GDPR is to protect all EU citizens from privacy and data breaches in an increasingly data-driven world.”

It means that businesses need to adhere to new rules for the processing of data and using data for communications (such as emails). Companies not adhering to the new rules will potentially face huge fines. Find out more in the Email In A Post GDPR World webinar that we are holding later this month. 

Good news for consumers receiving hundreds of spam emails – but bad news for marketing. However, we can offer you a solution to this problem: HubSpot.



HubSpot have updated their features to ensure that incorporating GDPR into your marketing strategy is as simple as can be.

Their new features cover the key points within GDPR, including:

  • Cookies – The use of Cookies on your website, including authorisation and ‘opt-in’ from the visitor.
  • Lawful basis – GDPR means that you must now have a lawful basis to use someone’s data, either via consent or notice. HubSpot have broken down lawful basis into two categories: lawful basis to process (i.e. store someone’s data in your CRM or provide some content requested) and lawful basis to communicate (sending someone a marketing email or calling them with a sales rep). There is now a new default contact property to monitor lawful basis, called ‘Legal Basis for Processing’, which can be set up manually or through automation. It means that you are following the rules and streamlining the process.
  • Deletion – GDPR means that it’s as easy for someone to opt-out as it is for them to opt-in and you must follow this protocol.


GDPR toggle

To make things even easier to allow you to abide the new regulations, you can switch the new GDPR toggle ‘on’ in HubSpot. This will cover you across different areas including:

  • A cookie consent banner ‘on’ by default.
  • GDPR delete functionality will appear on contact records.
  • GDPR-ready forms will be enabled.
  • Unsubscribe links in 1:1 sales emails will be enabled, by default.
  • A “consent to communicate” notice will be added to Messages, by default. In other words, contacts who engage in live chat will be shown consent notice before starting the chat.
  • New meetings links will include notice and consent messaging by default.
  • GDPR delete re-add warnings will be enabled --- if you attempt to re-add a contact to your database who’d previously been deleted for GDPR, you’ll receive a warning.
  • Your sales extension will display a banner on the contact sidebar in your inbox if you don’t have lawful basis to communicate with a recipient.
  • Any notifications (under the "bell" icon in the upper-right of your account) that contain personally identifiable information prior to May 25 will be deleted.
  • For any notifications generated after May 25, if a contact of yours requests to be forgotten, and you delete them using the new GDPR delete functionality, notifications associated with that customer will be deleted. (Source: HubSpot)


Creating forms

Making forms under the GDPR must ensure that you receive lawful basis from a form submission. HubSpot have added an extra section when creating forms that enables you to establish lawful basis. When editing a form, there is now a section for ‘marketing consent’. There are three different methods to ensure lawful basis is created within forms:

  1. Consent checkbox for communications; form submit as consent to process
  2. Consent checkboxes for communicating and processing
  3. Legitimate interest (not consent)


Subscription types

Subscription types are now replacing email types. Subscription types capture three states to show a contact’s subscription status:

  1. Opted in
  2. Not opted in
  3. Out (default)

This allows the contact to opt in to specific subscriptions – i.e. just the ones of the boxes they have ticked, and means you won’t be sending them everything without consent.



One of the key points of GDPR (as mentioned earlier) is that it should now be as easy for someone to take away their consent as easily as they gave it.

HubSpot have now made it easier for a contact to update their communication preferences, by automatically including a link on the bottom of every email that will take the contact to their email preferences page, where they can then adjust their preferences.

Deleting someone’s data in a way that is GDPR compliant is now simple through HubSpot. Instead of faffing about, you can just find a contact record, click actions and then click delete. (Note that if the GDPR toggle is ‘on’ in your account, you will be presented with two options: a ‘soft’ delete and a GDPR-compliant ‘hard’ delete).

If someone later tries to re-add someone to the database, that person will now be alerted that this person has been previously deleted.


Everything else

These are just the basics of what HubSpot has introduced to make your GDPR transition and adherence as simple as possible. It won’t make you GDPR compliant, but, it will save you loads of time from completing everything manually.

If you’re interested in how HubSpot could help you, then please don’t hesitate to get in contact here.

Scroll buttonchevron-iconcultureopinionSearchwork