Business units for different Regions to align with privacy policies, from one hubspot portal

galvanA81 · ‎Dec 16, 2024

My question is, if it is possible to have 1 hubspot portal, that for example we base in the US, but within that portal have several Business Units based on the region in which we operate, and then have each different Business Unit align in compliance with any privacy policies of the region, so GDPR for europe or CCPA for california

Lucila-Andimol · ‎Dec 16, 2024

Hi @galvanA81

it is possible to handle different cookie banners and subscriptions by Business Units

but for the moment Consent for GDPR/CCPA is only 1 main by portal.

About CCPA you can read more here on how HubSpot applies https://www.hubspot.com/data-privacy/ccpa/ccpa-compliance

Beside this, the other important thing to consider that Jennifer mentions is the data hosting (1 per account)

which will really make you think about using 1 main portal with BU or different portals.

Hope this helps

María Lucila Abal
COO Andimol | Platinum Accredited Partner

HubSpot Expert, Top Community Champion | Hall of Fame IN23&IN24
Certified Trainer (12+ years) | SuperAdmins Bootcamp Instructor

Have questions? Get answers:

Get Premium Support

Did my post help answer your question? Mark this as a solution.

View solution in original post

franksteiner79 · ‎Dec 16, 2024

Hi @galvanA81

My 2 cents on this...

If GDPR is a concern you should opt for hosting in the EU and not in the US.
Handling different privacy rules via Business Units is possible in theory but complex, non-scalable and impractical.
GDPR compliance is based on a contacts citizenship - a German living in the US and being serviced by a US team, is is still eligble to his rights under GDPR, which makes a regional approach mute.

GDPR is one of the most comprehensive requirements, on which most other regulations are based, for example CCPA is not nearly as "restrictive" as GDPR, so by being GDPR compliant you will most likely be complying with other regulations.

Disclaimer, this obviously does not constitute legal advice but my recommendation would be to adhere to the strictest privacy rules and apply these across the whole database.

Frank

Found my comment helpful? Great! Please mark it as a solution to help other community users.

Frank Steiner

Marketeer | HubSpot Expert | CRM Consultant

InboundPro

Let's Talk About Your Project

View solution in original post

StephaneLM · ‎Jan 27, 2025

Hi @galvanA81 - Hubspot isn't the only solution. Check out free privacy solutions out there, such as Ketch Free cookie banner, that helps you serve the proper privacy experience based on location/jurisdictions, and it will work great with Hubspot too.

Lucila-Andimol · ‎Dec 16, 2024

Hi @galvanA81

it is possible to handle different cookie banners and subscriptions by Business Units

but for the moment Consent for GDPR/CCPA is only 1 main by portal.

About CCPA you can read more here on how HubSpot applies https://www.hubspot.com/data-privacy/ccpa/ccpa-compliance

Beside this, the other important thing to consider that Jennifer mentions is the data hosting (1 per account)

which will really make you think about using 1 main portal with BU or different portals.

Hope this helps

María Lucila Abal
COO Andimol | Platinum Accredited Partner

HubSpot Expert, Top Community Champion | Hall of Fame IN23&IN24
Certified Trainer (12+ years) | SuperAdmins Bootcamp Instructor

Have questions? Get answers:

Get Premium Support

Did my post help answer your question? Mark this as a solution.

Jnix284 · ‎Dec 16, 2024

@galvanA81 one thing to consider will be the server location, if you open a HubSpot account in the US the server is based here as well. There is a dedicated server for the EU for EU HubSpot accounts. If this will be important to your GDPR and/or privacy policy then you likely would want separate accounts rather than business units.

There are many considerations and it's difficult to make a recommendation for what's appropriate without understanding your business structure and would also require consulting with your legal team.

I highly recommend having your legal team review the HubSpot Trust Center (https://trust.hubspot.com/) to determine the best configuration.

If my reply answered your question please mark it as a solution to make it easier for others to find.

galvanA81 · ‎Dec 16, 2024

But wouldn't it be possible to work around the US based server by customizing each Business Unit for the specific Privacy Policies for each region, since Business Unit is a Property?

franksteiner79 · ‎Dec 16, 2024

Hi @galvanA81

My 2 cents on this...

If GDPR is a concern you should opt for hosting in the EU and not in the US.
Handling different privacy rules via Business Units is possible in theory but complex, non-scalable and impractical.
GDPR compliance is based on a contacts citizenship - a German living in the US and being serviced by a US team, is is still eligble to his rights under GDPR, which makes a regional approach mute.

GDPR is one of the most comprehensive requirements, on which most other regulations are based, for example CCPA is not nearly as "restrictive" as GDPR, so by being GDPR compliant you will most likely be complying with other regulations.

Disclaimer, this obviously does not constitute legal advice but my recommendation would be to adhere to the strictest privacy rules and apply these across the whole database.

Frank

Found my comment helpful? Great! Please mark it as a solution to help other community users.

Frank Steiner

Marketeer | HubSpot Expert | CRM Consultant

InboundPro

Let's Talk About Your Project

LCarey6 · ‎Jan 14, 2025

Hi - curious about point 2 though and how it is achieveable?

Account & Settings