We hold a separate data warehouse from HubSpot, and occasionally import contacts from it into HubSpot. I noticed recently that there has been a change to imports, with a disclaimer stating to agree that all contacts are expecting to hear from the organisation, have been emailed at least once, and not obtained through a third party.
This implies that there would be a breach of GDPR guidelines if the contacts had not been contacted prior to inclusion into HubSpot (which misses the entire point of a CRM), or if data was obtained via a third party.
This is a significant misconception. GDPR allows for data processing under "legitimate interest" that includes marketing. There is no statute that says an individual has to willingly provide their contact details or opt-in as the initial engagement. There is also no statute in GDPR policy that says information cannot be obtained by third parties.
What GDPR policy dictates is that individuals have to be notified if a company that is processing their data passes it on to another company; the individual also has to be informed of why the company is processing their data, what data is held about them, and the option to completely opt-out and/or delete their data from the company's database.
I feel adding this disclaimer is misguided and will significantly hurt HubSpot - in fact it would be a deal breaker for continued use of the platform in my case. I know Salesforce for example does not have a similar disclaimer.
Happy to reply here. Not a legal professional so my reply does not constitute legal advice in any way or form. Not speaking on behalf of HubSpot either, just making educated assumptions.
This implies that there would be a breach of GDPR guidelines if the contacts had not been contacted prior to inclusion into HubSpot (which misses the entire point of a CRM), or if data was obtained via a third party.
Well, not necessarily, I would disagree. HubSpot doesn't connect this step of the import to GDPR. I would say that this is more so tying in with HubSpot's acceptable use policy: https://legal.hubspot.com/acceptable-use
... the overall goal being the protection of the email infrastructure of HubSpot, I would assume. If imported lists do not meet the mentioned criteria, there is a lot higher risk of bounces, emails marked spam, calls marked spam and overall damage to the HubSpot infrastructure.
It is indeed interesting that HubSpot made this change and effectively forbids certain use cases which other platforms allow, yes. As far as I can tell, HubSpot is perfectly in the right to do so and leaves the choice of whether to stay with HubSpot or leave to another platform to its users.
Best regards
Karsten Köhler HubSpot Freelancer | RevOps & CRM Consultant | Community Hall of Famer
If the reason for this disclaimer is email infrastructure protection, then it doesn't make sense. There are already safeguards in place for minimising or blocking email spam. In addition, there's more that could be done (but in the correct places) - for example forcing customers to pay for an integrated "zero-bounce" service (which we do outside of HubSpot regardless).
@Urgamanix I'm not going to argue on behalf of HubSpot, I'm a user / customer like you. What I wrote is what I assume plays into it. In any case, I don't think it's exclusively motivated by GDPR.
If you want a reply directly from HubSpot, I'd recommend reaching out to your HubSpot customer success manager.
Karsten Köhler HubSpot Freelancer | RevOps & CRM Consultant | Community Hall of Famer