GDPR

Grovewilks
Member

GDPR

SOLVE

Could somebody advise on the Hubspot policy in relation GDPR that will be hitting us in May 2018.

 

How will Hubspot manage opt-in and refresh of opt-in?

How will Hubspot manage the relevant questions to allow someobody to opt-in or download web  content

How will the data that Hubspot store be managed in relation GDPR

 

There are many questions on this topic, where do Hubspot stand in general in realtion to this

3 Accepted solutions
nknoop
Solution
HubSpot Employee
HubSpot Employee

GDPR

SOLVE

Hi everyone,

 

I work on the legal team at HubSpot and help run our GDPR compliance project. I’ll try to address some of the concerns raised above, and give everyone some insight into the status of the internal project and what our plans are for 2018.

 

We are fully committed to enhancing the HubSpot platform to enable customer/partner compliance with the GDPR. We appreciate that there may be current gaps in how our product interacts with some of the key GDPR requirements; we are actively working with our Product teams to address those areas, as well as introduce new product functionality that will help you comply.

 

For example, we are working on improving the way the CRM and Email product handles and tracks consent. As a previous post on this thread has recognized, this is a huge part of the regulation and is of particular significance to marketing and sales teams. Especially considering the recent Article 29 Working Party guidance on this point, we know we need to do a better job off helping customers manage and track consent.

 

The other areas we are working on improving include the Subscription Preference Pages, notice and consent in forms/CTAs, cookie management and preferences, double opt-in improvements, and tools to help our customers comply with data subject access/modification/deletion requests. We'll be announcing these changes on a rolling basis leading up to the GDPR's enforcement date of May 25, 2018.

 

The regulatory guidance helps shape the solutions we are crafting, and that’s part of the reason we are not immediately releasing product changes. Rather than releasing new functionality now that will later have to be modified based on new interpretations of the GDPR, we want to be sure our product aligns with the groups like the Working Party before changes are finalized.

 

Apart from improvements to the product itself, we are working around the clock on how the GDPR effects other parts of HubSpot. For example, we’re digging into how integrations/Connect partners fit in a GDPR world. Further, we have involved key members of every department within HubSpot to help on this project (mainly IT, Security, Product/Engineering) to drive towards compliance by this coming May. 

 

We’ll be communicating out project updates to our customers and partners starting in late January 2018.

 

I'm happy to chat with anyone, so if you have specific questions or concerns, feel free to reach out via direct message and include your email address. 

 

Nick

View solution in original post

nknoop
Solution
HubSpot Employee
HubSpot Employee

GDPR

SOLVE

Hi everyone - we posted a project update to the GDPR page (see here). I've also copied the list of product functionality / other items we are working on below.

 

  • New tools in form builder to help ensure proper notice and consent
  • Ensuring that end users are able to manage their communication preferences in a way that puts control in the data subject's hands
  • Improvements to double opt-in functionality
  • Ability to easily understand what consent customers have given, when, and the history of changes to that in the relevant parts of the product
  • Ensuring an easy means of exporting the personal data of a data subject
  • Bolstered deletion functionality to comply with right to erasure
  • Enhanced cookie management and preferences with localized privacy notices
  • In-portal guidance and suggestions on how to address key data privacy rules
  • Work with our certified integration partners on solving for the GDPR

View solution in original post

Phil_Vallender
Solution
Most Valuable Member | Diamond Partner
Most Valuable Member | Diamond Partner

GDPR

SOLVE

Thanks @nknoop!

 

This announcement is much appreicated and, I feel, deserves its own thread, which I have started here: HubSpot's GDPR product roadmap has been released

 

Phil Vallender | HubSpot Website Agency

View solution in original post

0 Upvotes
50 Replies 50
nknoop
HubSpot Employee
HubSpot Employee

GDPR

SOLVE

We just launched our GDPR product readiness page, which includes a product roadmap with changes we're making between now and May 25. Check it out here

 

LeeHouse
Participant

GDPR

SOLVE

*sigh* Like so many on here we all understand that you are working on it.

You have made a page telling us what you are doing. Thats lovely.

However its now less than 2 weeks before this is Law and still no tools to help us comply.

WHAT am i paying for? This is one of the biggest things in law for a long time and to get a mail telling me i can buy a new support module for Hubspot rather than working on what you should be really erks.

Can someone please just tell the truth and when it states available early May on your GDPR page please tell us why mid May its still not available. 

 

ojobson
Top Contributor

GDPR

SOLVE
Well said LeeHouse. On a personal al note this will also reflect poorly on me if the product I sold into the company isn’t going to be GDPR compliant. Help us out here will you Hubspot?
IlkkaTuominen
Contributor

GDPR

SOLVE

Question, is there anyway to link to the user email preferences page from a website page similar to the email footer where it's usually located.

We would like to have this option for people to click to see the preferences page from the Notice and Consent / Legitimate Interest (GDPR) / Process consent text section together with our Privacy Policy link. Thanks!

Phil_Vallender
Solution
Most Valuable Member | Diamond Partner
Most Valuable Member | Diamond Partner

GDPR

SOLVE

Thanks @nknoop!

 

This announcement is much appreicated and, I feel, deserves its own thread, which I have started here: HubSpot's GDPR product roadmap has been released

 

Phil Vallender | HubSpot Website Agency
0 Upvotes
apifon
Participant

GDPR

SOLVE

Hey,  keep this thread up-to-date as we approach to GDPR day. Hubspot released this on January 2018.  Get Ready for GDPR: Features You Can Start Using On Your Path to Compliance

johanvdc
Contributor | Diamond Partner
Contributor | Diamond Partner

GDPR

SOLVE

Same (massive) concerns here. Lot's of questions on the product - and general need for guidance from HS, as leader in the space. The time to act is long, long overdue. Communication and roadmap should be apparant asap. 

SineadIreland
Participant

GDPR

SOLVE

check out the product readiness page 

 

https://www.hubspot.com/data-privacy/gdpr/product-readiness

 

0 Upvotes
SineadIreland
Participant

GDPR

SOLVE

I am being asked regularly by the directors of our company to outline our GDPR compliance plans for sales/marketing ahead of the 25th May deadline. It is very frustrating not to be able to respond with any sort of clarity.  So many aspects of GDPR  compliance relate back to how Hubspot is going to handle it.  Time is ticking. We would appreciate an update asap please.

 

 

nknoop
Solution
HubSpot Employee
HubSpot Employee

GDPR

SOLVE

Hi everyone - we posted a project update to the GDPR page (see here). I've also copied the list of product functionality / other items we are working on below.

 

  • New tools in form builder to help ensure proper notice and consent
  • Ensuring that end users are able to manage their communication preferences in a way that puts control in the data subject's hands
  • Improvements to double opt-in functionality
  • Ability to easily understand what consent customers have given, when, and the history of changes to that in the relevant parts of the product
  • Ensuring an easy means of exporting the personal data of a data subject
  • Bolstered deletion functionality to comply with right to erasure
  • Enhanced cookie management and preferences with localized privacy notices
  • In-portal guidance and suggestions on how to address key data privacy rules
  • Work with our certified integration partners on solving for the GDPR
Masacs
Member

GDPR

SOLVE

What my concern is that if my contact data is stored on servers that are situated in Europe? Because this is a big dealbreaker if it isnt.

 

Also I will need to be able to setup a processor's agreement between myself and Hubspot as I am storing contact info about my customers on the hubspot servers

0 Upvotes
sachahydra
Participant

GDPR

SOLVE

Hi there, for concerns regarding legality and processors agreement my advice is to consult a legal company. 

Your privacy policy will then detail how your organisation captures and stores data using third party data processors e.g. Hubspot, Zendesk etc.

 

Hydra have the same issues as will all clients who use Hubspot as their data processor as Hubspot data is stored both in and outside the EEA and outside if transfered to the US there is the Data Privacy Shield.

 

There is a lot of detail to cover and understand and I don't recommend you try to do it yourself.   It is much better to get proper legal advice.

 

0 Upvotes
Masacs
Member

GDPR

SOLVE

I got all me legal documents in order already except having the processor's agreement I need to setup with hubspot.

 

This needs to happen before 25th of may or else I am forced to abandon hubspot in search of a company I can actually reach. 

0 Upvotes
ShariM
Contributor | Platinum Partner
Contributor | Platinum Partner

GDPR

SOLVE

Hi, I've read through all the GDPR compliance info and Hubspot's roadmap for updates in this area, but I am unclear about one point. Will there be a distinction on the preferences page between "remove me from mailing lists" and "delete all my information"?

 

 

People have always been able to update their subscription preferences. As I understand it, Hubspot is updating this page to ask people to "opt-in" to the lists they want to be on (instead of "opting out" of the ones they don't want to be on). 

 

However, I don't see anything related to how people request to have their contact information completely deleted.  Is this going to be addressed on the preferences page, or elsewhere? Do we need to set up specific pages with forms to handle these "deletion" requests?

 

Because even if people select "remove me from all mailing lists" this is not the same thing as "delete me completely from your database". How will Hubspot be handling this?

 

 

0 Upvotes
nknoop
HubSpot Employee
HubSpot Employee

GDPR

SOLVE

Yes, there will be a distinction between "GDPR delete" and unsubscribe. The GDPR delete button will be unique and will delete all record of the contact throughout the platform. This is distinct from unsubscribe, where you can still opt a contact out of receiving emails, but the contact record will remain in your database. 

 

0 Upvotes
JoeDavies
Top Contributor | Elite Partner
Top Contributor | Elite Partner

GDPR

SOLVE

@nknoop will this allow for us to keep an email address only, so as to act as a suppression list, to ensure opt-out contacts do not return to the system when they shouldn't? This would be essential and from my understanding, completely acceptable under legitimate interests.

Deleting the record as a whole using this approach would open up the possibilities for errors such as re-uploading customer/subscriber lists and marketing to people that had expressly opted out. How does this button deal with this?

0 Upvotes
c2b2
Participant

GDPR

SOLVE

Hi - I'd imagine most organisations will want to handle full or partial data deletions under a request procedure due to the potential complexities of what data can or should legitimately be deleted.  

 

Example being that if there is a legal requirement to retain specific data for a period of time, partial deletion of data would be the most appropriate way to handle a request. You'd need to document the criteria and process for handling such things in your GDPR policies - but regardless, it would be a highly tricky thing for HubSpot to handle automatically, so my expectation is that they wouldn't go near any functionality that would enable the consumer to control data deletion.

0 Upvotes
ShariM
Contributor | Platinum Partner
Contributor | Platinum Partner

GDPR

SOLVE

What I wanted to know is on the "Manage email preferences" page, will the USER see BOTH options? So they can choose  either : 1) Delete all my contact information from your database  OR

2) unsubscribe me from all lists.

 

Will the USER be given the option to either?

0 Upvotes
c2b2
Participant

GDPR

SOLVE

When are we going to get a new update on progress?

ddabbs
Member

GDPR

SOLVE

@nknoop

 

This is a nice list and addresses certain aspects of GDPR processing comipliance. But GDPR 'raises the bar' for the consent, mandated by the 2009 ePrivacy Directive, one must obtain from the user to access their device (i.e. read & set cookies). Post-GDPR unambiguous consent is required as opposed to today's implied consent. 

 

As far as I can tell, HubSpot always sets a tracking cookie before the user has consented or been presented with any cookie/privacy banner, and that is not in line with the ePD (as we understand the post-GDPRlandscape). I've included an excerpt below from a EU-based law firm's GDPR blog on the topic. 

 

....the ability to maintain that an implied consent is unambiguous depends upon at least a couple of critical factors: first, the prominence of the cookie banner itself ....; second, the timing of the cookie drop - if cookies are dropped at the same time as the banner, as is very often the case today, then it’s more-or-less impossible to maintain any argument that the visitor “unambiguously” consented to those cookies, given that they only learned about them after the cookies had already been served. To have a decent argument for unambiguous implied consent, the user at least needs to be informed about, and have the opportunity to decline, cookies before they get served.

Excerpted from http://privacylawblog.fieldfisher.com/2018/gdpr-plus-e-privacy/

 

Any feedback on this from HubSpot would be appreciated.

 

David