Data privacy+consent - Enhancements for larger companies+to make consents legally safer

PSMS

Target Group of Idea

  • Admins of multi-country organisations
  • Companies with strict legal teams which take data protection seriously

Improvements desired

Data Privacy & consent defaults: Allow manually adding languages

For companies with several legal entities this makes sense. As soon as you have 2 countries sharing a language, you need 2 sets of defaults (for mentioning different legal entities in the GDPR options below a form). Right now you can set only a single default, and the second country would have to edit the values every time they create a form.

Data Privacy & consent: Default text per language and per subscription type

Right now you can set a single default text per language that all subscription types will share. This makes little sense when you have several valid subscription types that have different content (say "newsletter" and "event notifications"). Right now, independent of which subscription type you select in a form, it will show a single text as default (which again means that you have to manually overwrite this every time you use a different subscription type).

GDPR texts and subscription types: granular permission management

  • User permission setting to allow/disallow editing of GDPR texts and subscription type texts (what is shown next to the checkbox) when creating a form. Right now you can align the perfect legal texts with your legal department, but every marketeer can use a different version under their form.
  • User permission setting to allow/disallow creation/editing of subscription types. Right now this is connected to email permissions, but in larger organizations you want people to write emails without being able to create their own STs.

Versioning of subscription type default texts

Store the history of all subscription type texts (descriptions and values used in forms) and store on contact level which version someone agreed to. This needs to be searchable in lists/workflows/... so that you can treat contacts with different versions differently. Example: only people with V3 upwards of our marketing consent get surveys, since before we only asked for newsletter reception.

Store the exact wording of a GDPR consent checkbox's text in the "Subscription Change" event on contact level

Imagine the following: you have 20 different forms using the GDPR checkbox for "consent to communicate" that all reference the same subscription type. Different people work on these forms. Over time the consent texts change. Since right now all your marketeers can overwrite the consent texts in each form and the changes are not even versioned, you will end up in a situation where you do not know what a contact with a certain subscription type has actually agreed to.

When your consent says "I agree to receive marketing content from time to time" and later (or in different forms) the text for the same subscription type is "I agree to send my firstborn to work in the mines of your company", it would be great to actually be able to see & prove what the contact agreed to. Right now you just cannot.

Therefore I suggest storing the exact wording of the checkbox at the time of the opt-in on contact level in the event "Subscription change".

Value Add

  • Big step forward for admins of bigger/international companies since right now those cannot ensure that consents and legal texts are used consistently.
  • Legal safety of actually being able to prove what a contact agreed to.
  • Preventing subscription type chaos as an admin.
  • Save form creators a lot of work (overwriting text defaults that are wrong for their country or overwriting subscription type texts that are wrong).
  • Reduce errors that happen when you need the absolutely correct texts below a form, but the process relies on form creators remembering to copy and paste the correct texts from another place into their HubSpot form.