HubSpot Ideas

fredrikli

GDPR In compliance - Delete inactive contacts

Hi,

 

The basic principle of GDPR regulations

"CHAPTER II

Principles

Article 5"

https://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1528874672298&uri=CELEX:02016R0679-20160504

"(e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;"

We are in breach of GDPR as long as we can't have a automated functionality to remove contacts from HS that have been inactive for XX amount of time.      

HubSpot Updates
Re: GDPR In compliance - Delete inactive contacts
February 14, 2022 12:40 PM

Thanks for suggesting this. How would you expect that to work? For instance, if you receive a notification that X amount of contacts will be deleted in 14 days/7 days/1 day before the automatic action happens, do you see any issues with that?

 

Best,

Maggie

7 Replies
KGimadullina
Member

It is a GDPR prerequisite to delete contacts after 3 years of them not actively interacting with a website. Could you develop the feature to delete contacts automatically for companies working in Europe to be compliant to the new law (starting from April)? 

 

We need this feature as soon as possible, really... 

twatson
Participant

Yes, this is needed along with a bulk delete or archive function. Hubspot is making compliance to GDPR harder, not easier.

twatson
Participant

This is needed, along with a bulk delete or archive feature. The way it is now, Hubspot is making it harder to comply with GDPR, not easier.

mgeorgieva
HubSpot Product Team

Thanks for suggesting this. How would you expect that to work? For instance, if you receive a notification that X amount of contacts will be deleted in 14 days/7 days/1 day before the automatic action happens, do you see any issues with that?

 

Best,

Maggie

Winqvist
Contributor

Hi, it would be great if this became a standard feature in HubSpot!

 

We have implemented a new parameter (GDPR Last activity date), a date that is updated based on the latest activity of a Contact (there are a few different parameters you can check). Based on your retention period, how long you decided to save contacts according to consent, we compare this with the GDPR Last activity date. If the contact needs to be deleted we send an email to the Contact Owner for deletion.

CAndersen7
Member

Hi, 

I would like to bump this up. 

In terms of how it should work, it could be on a rolling basis, so contacts are automatically deleted on a set date after last interaction. 

It could also be a quarterly clean up, where all contacts set to "expire in the coming quarter are put into a list and then the admin can chose whether to keep individual contacts. 


lhaith
Contributor

For the time being, you can achieve this quite easily using contact lists. Create a list, then you can delete those in the list. Set a bunch of requirments if you like.

 

last visit on website over two years

last conversion over three years

one year since last form submission / last email enquiry etc etc

 

just be sure to exclude those you dont want to delete, for whatever reason, like customers.