A brief on GDPR & Hubspot for Marketing & Marketing Ops.
This PPT provides a brief background on GDPR & how to implement GDPR compliance with Hubspot, Facebook & Google Analytics.
3. What is the General Data Protection Regulation?
To process, collect, store & use personal information on EU citizens (UK), there are 6 legal grounds:
a) Consent to receive communication
b) Contract
c) Legal obligation
d) Vital interests
e) Public interest
f) Legitimate interests
4. Key Terms
➡ Data Processor: Tools such as Hubspot, Google Analytics & Facebook are data processors. All tools are rolling out features to support GDPR and data retention.
➡ Data Controller: Company - you control what we ask for on forms, e.g. phone numbers, emails and other personally identifiable information.
➡ Right to be forgotten: We have the ability to purge a user's data if they ask us to do so.
➡ Consent: Explicit consent with clearly worded terms.
6. Do we need to email our entire database?
No. Previously gained consent is still valid when GDPR goes into effect. We do not need to email our entire database to regain consent.
7. How do we get consent?
1. On forms, we have a checkbox that asks for consent to email & contact them via phone.
2. A checkbox to ask for consent to include their personal information in Facebook Custom Audiences.
3. Cookie & tracking notification on the website, i.e. we use cookies & third party tracking tools like Google Analytics & Hubspot.
4. Direct Mail - Consent to use their mailing address for marketing purposes.
Consent must be provided freely, without pre-checked boxes and without being otherwise assumed.
8. How do we put this in practice? Next Steps
1. Cookie Consent Notice on the website - explicitly mention Facebook, Google Analytics in the text. Links to privacy policy to learn more about how Hubdoc & third party vendors (Facebook, Google) use personal data.
2. Point users to blockers like Ghostery or Incognito mode if they want to avoid being tracked.
3. Align any third party CPL Vendors & Rev Gen on GDPR compliance: Ensure they have mentioned Hubdoc as the data processor & ask for consent on forms & have the ability to delete all associated information.
10. What if we don’t have a record of previous consent?
We can cite Article 6, including Section B, F and Recital 47 as basis for retaining & processing personal data & using it for business/marketing communication.
11. What counts as a legitimate interest?
“The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest.” - Article 6
As a business, it’s a legitimate interest to pursue profit & create jobs. However, this needs to be balanced with the individual's rights. Individuals must be given a way to opt out and have their information removed or appended.
13. Data Management:
Prospects are able to:
● Opt out of any marketing communications
● Request their information be deleted (right to be forgotten)
● Append any data the company has on them
● Request a copy of all data & be able to review it
14. Systems & Process
1. Create a privacy@companyname email address to process all data requests & to send copies of marketing emails to, as an audit record.
2. Enabled GDPR features in Hubspot. This helps us:
   ○ Add GDPR consent to all Forms
   ○ Create subscription types to enable users to opt in to specific communications
      ■ Email
      ■ Third Party Advertising
      ■ Data Processing
   ○ Delete contacts & all associated data
   ○ Track consent with new ‘Legal Basis for processing contact data’
3. Google Analytics is rolling out the ability to remove cookies & data, and auto deletion tools.
16. GDPR Compliance Summary
Systems | Item | Next Steps | Status
Hubspot | Enabled GDPR Features | Remove old consent checkboxes from forms. Add GDPR Compliance fields to forms. | In Progress
Hubspot | Add lawful basis for processing data | Segment list into Customers, Partners & Prospects. Add basis for processing data properties | In Progress
Hubspot | Add ‘User Data for Advertising’ Subscription | Enable optin for using data for third party data processing (Facebook/Google) | Done.
Hubspot | Cookie Notice on Hubspot hosted pages | Ask for dev help on consent status & cookie removal | Pending
17. GDPR Compliance Summary
Systems | Item | Next Steps | Status
Salesforce | - | - | -
Google Analytics | Delete user data | Feature rolling out May 25th | In Progress
Facebook | Add Privacy Policy to Facebook Lead Ads | Update privacy policy to include data usage. | Pending
Facebook | Custom Audience Consent | Only create custom audiences from contacts who have expressly offered consent. | In Progress
Third Party Vendors | Ensure all third party vendors are GDPR Compliant | CPL Vendors need to mention Hubdoc. RevGen needs to follow any opt-out requests | In Progress.