HubSpot's GDPR product roadmap has been released

Highlighted
Community Thought Leader | Diamond Partner

HubSpot have published their product roadmap for GDPR. This is a very welcome move. 

 

You can see the roadmap here: GDPR & HubSpot Here’s what we’re doing to help you comply.

 

I'm really happy with much of what's on this roadmap, and its aligns with things I was just about to implement manually. 

 

The confusion I still have is about the difference between lawful basis to process (GDPR) and to send email (PECR). If consent is the required lawful basis for both (not necessarily my view), then my understanding is that these need to be obtain separately. 

 

Still, this is a huge step forward. Thank you HubSpot. 


What does everyone else think about these announcements?

Phil Vallender | Inbound marketing for B2B technology companies
7 Replies 7
Community Superstar


2000px-Ok_sign_font_awesomeDid my post help answer your query?

Help the Community by marking it as SOLVED

 

Excellent information. Will certainly help most HubSpot users to easily and quickly remedy the vast majority of GDPR-compliance related use cases inside HubSpot.

 

Error: It appears that the #productroadmap, #opportunity, and #faq elements on that page use 'name' instead of 'id' which may be contributing to a scroll issue when selecting those options from the menu (on desktops). Once the 'Product Roadmap', 'From Obstacle to Opportunity', or 'FAQ' menu options are selected you can no longer scroll on the page -- Tests: Chrome v65.0.. on PC fails. Firefox v59.0.. on PC fails. Chrome on Android and iOS works fine. Can't test on Mac until next week.

 

hubspot-forum-signature-badge-v01.png

Regular Contributor

Hi, I've read through all the GDPR compliance info and Hubspot's roadmap for updates in this area, but I am unclear about one point. Will there be a distinction on the preferences page between "remove me from mailing lists" and "delete all my information"?

 

 

People have always been able to update their subscription preferences. As I understand it, Hubspot is updating this page to ask people to "opt-in" to the lists they want to be on (instead of "opting out" of the ones they don't want to be on). 

 

However, I don't see anything related to how people request to have their contact information completely deleted.  Is this going to be addressed on the preferences page, or elsewhere? Do we need to set up specific pages with forms to handle these "deletion" requests?

 

Because even if people select "remove me from all mailing lists" this is not the same thing as "delete me completely from your database". How will Hubspot be handling this?

 

(Cross-posted)

Reply
0 Upvotes
Community Thought Leader | Diamond Partner

Hi @ShariM

 

HubSpot will be rolling out GDPR-compliant deletion in the very near future. I dont think it will be availabe from the email preferences page, though, as that would be quite risky and goes beyond the requirements of GDPR. 

 

Under GDPR, data subjects have the right to request to be forgotten, rather than the right to remove themselves from your systems. In some special cases, their right to forgotton may be overridden by the lawful bassis for processing. So I think that it's best that this power be kept in the administrators' hands. 

 

Hope this helps.

Phil Vallender | Inbound marketing for B2B technology companies
Reply
0 Upvotes
Top Contributor

As an extention to this - to comply with the right to be forgotten you may need to do further work outside of HubSpot to honour such a request. You may have PII from the data subject in other systems (in the case of existing/past customers) which you will be obliged to remove (as long as it doesn't interfere with the execution of a contract or your legal obligations to keep financial records etc as Phil rightly points out).

Regular Contributor

Hi @Phil_Vallender Thanks for your reply. I agree. I wasn't however, suggesting that subscribers be able to delete themselves, but rather than there is an option that they request to have their information deleted. Right now, I guess the only way is to send an email to someone at the company, but how will they know who or which address?

 

Or is that supposed to be included in the privacy policy page perhaps?

Reply
0 Upvotes
Top Contributor

Right now I have two issues - clarity over control and access to our data (the PII we are collecting and storing in our hubspot portal):

  

HubSpot's terms of service and privacy policy are also still too vague for our legal teams to be happy with. Unless there is more clarity on what HubSpot do with our data subjects personal information in HubSpot's and HubSpot's partner's systems then we may have a problem using 'legitimate interest' to process data for marketing and business development activities that involve hubspot.

 

The crux of the issues seems to be that HubSpot's privacy policy and HubSpot's terms of service do not do enough to A) define 'Customer Data', (is this the Personal Information of the data subjects who are HubSpot's customers, OR the Personal Information of the data subjects whom HubSpot's customer's themselves are processing OR both of the above), and B) define the limits of access and use by HubSpot and HubSpot's partners of this 'Customer Data'.

 

Finally, it is now 'Late May' not 'Early May' and we are still waiting for some critical parts of the GDPR compliance road map to be delivered.

 

I am being questioned by senior management and our legal teams in my organisation about GDPR compliance and quite frankly HubSpot aren't making me or HubSpot look great.

 

If HubSpot want a purchase order from our company to renew our hubspot services in the next billing cycle then HubSpot are going to need to up their game and quickly. Right now it will be a struggle to get it approved.

Reply
0 Upvotes
Top Contributor

--deleted--

Reply
0 Upvotes