**This blog was first published in June 2017, and has been updated in September 2017.
Download our GDPR guide for HubSpot users.
What is the GDPR?
Set to come into force in May 2018, the General Data Protection Regulation (GDPR) represents the most important change in data privacy and data management in the last 20 years.
More than 200 pages long, GDPR aims to unify and strengthen data privacy laws across Europe; formalising concepts such as the ‘right to be forgotten’ and giving EU citizens complete control over their personal data online. A bold ambition by any standard.
Essentially, what this means is that companies will need to be more transparent with what they do with personal data, while we, as individuals, will have more control over the information we provide. This is a big change for marketers, because in order to keep the ability to remarket to individuals, send out automated emails and target particular audiences, we need to refine our data based upon our contacts that have ‘opted-in’.
At first glance this might seem like a lot of extra effort, but as double opt-in becomes the norm, it will force marketers to clean their contact data and from it generate quality contacts.
Severe penalties await those who fail to adhere to GDPR – you’ve been warned. Businesses that suffer a data breach and have not complied with GDPR could incur a penalty of 4% of global turnover, or €20 million, depending on which amount is greater. Ouch! Also, under GDPR, the countries’ Data Protection Authority (DPA), for the UK, it’s the Information Commissioner’s Office (ICO), must be informed of data breaches within 72 hours of them being detected – so no more burying your head in the sand and praying nothing leaks out.
So, how will GDPR affect HubSpot users?
While GDPR may be a headache for some marketers, it’s mostly business as usual for those using HubSpot.
Think about it; under GDPR marketers need to receive clear, unambiguous consent from those they are marketing to if they want to engage with them – and there must be a detailed trail of consent.
For HubSpot users, we have been doing most of this all along.
Unlike interruptive marketing methods which demand people’s attention, Inbound Marketing is about earning people’s attention. Synonymous with permission marketing, where you earn the consent of the individuals you market to, Inbound Marketing is about providing valuable, helpful content which addresses the problems and needs of your future or existing customers, pulling them towards your company and product/services.
As you attract these individuals, you convert them into leads using forms, calls-to-action and landing pages on your website using high-quality ‘gated content’. Throughout the Inbound process, every exchange has been consensual and can be easily tracked through the HubSpot platform.
In preparing for GDPR, the first thing HubSpot users need to do is verify and re-qualify their lists by implementing double opt-in.
What does opt-in mean?
Double opt-in as we know it, is a requirement that you'll currently see on any German websites. This required brands and businesses to ask all existing contacts or website visitors to verify that they are happy to receive your content or marketing material twice.
However, under GDPR, you don't have to have your visitors/contacts confirm their opt-in twice. What you need to do is ensure that you are gaining consent from individuals. This means that you can't include pre-ticked boxes asking for people to subscribe to your blog. The individual must complete an affirmative action to sign up to communications.
HubSpot users need to start gaining opt-in now
By changing your HubSpot setup to require consent, you can begin to qualify your existing contact database and clean out old or incorrect data.
With the feature enabled, HubSpot can send out an opt-in request emails to contacts where you can't currently prove their consent to be contacted. For example, you might have a list of contacts who have previously signed up to your blog, but they've done this via a pre-ticked box - this does not count as consent, you'll need to get these people to consent again.
Opt-in might seem excessive, but that’s because it’s new and who likes change, right? We do! HubSpot marketers can develop extremely high-quality lists of people who are more engaged with the company. Those that actually opt-in are far more interested in what your business does and will be happy to receive further marketing material, so treat those people well!
To ensure GDPR compliance, we would suggest your forms include:
- The reasons why data is being requested;
- Information on what the data will be used for;
- Clear opt-in and opt-out rules.
Under GDPR, data must be ‘accurate’ and kept for no longer than what is ‘necessary’. With HubSpot, you can manage all of your data from HubSpot’s contact records – meaning if it’s altered in one place, those changes will be reflected across the platform.
Three tips for marketers:
HubSpot user or not, there are three straightforward tips you can follow to prepare yourself for GDPR:
- Audit your current database and try to establish whether individuals within your database have provided you with their consent.
- Have a clear understanding of your route to purchase or conversion and how those contacts came into touch with your business. If your business is asked to provide a trail of consent, you need to have comprehensive information on how you acquired the contact data.
We would recommend that you have a marketing automation platform capable of managing all marketing data that enables you update records on the fly. By George! Wouldn’t you know that HubSpot provides the necessary functionalities your business needs to ensure regulatory compliance and high-quality data capture and management.
Achieving GDPR Compliance
A Guide for HubSpot Users
The what, the when and the why when it comes to making sure that your HubSpot portal is ready for GDPR in May 2018.