The days of email blasts to lists of contacts are coming to an end. The EU and California instituted more stringent privacy laws in 2018. More states and regions are soon to follow. If you use HubSpot, and email to contacts in the EU or California, here are some tips on using their GDPR functionality.
Maintaining data privacy and security is essential for organizations’ risk management. You are responsible for all of your prospect’s and client’s data. In April 2018, the EU instituted the General Data Protection Regulation, a law that defines how companies can store and use data related to people. California enacted the CCPA, or California Consumer Privacy Act, in June 2018. The fines for violating these laws are very high, so it’s important to think critically about your email strategy for contacts in California or the EU.
For all the details, read the Complete Guide to GDPR Compliance and California Consumer Privacy Act (CCPA).
HubSpot has some GDPR settings that can help ensure you’re not emailing people in violation of the laws. To locate them, go to Settings > Account defaults and toggle the EU General Data Protection Regulation button.
Before you turn it on, there is one important thing you need to know.
Any contact in your database that does not have a subscription type will not receive any marketing email you send. Here’s how to make sure contacts are appropriately marked, so they get the intended communications from you.
Review your contacts to make sure everyone that is supposed to have a Subscription Type actually has one. Create a sales filter labeled “Subscription Type = Not Yes,” with the following properties: Opt out of [choose all your subscription types] is “not yes.” This list contains everyone in your database that does not have a subscription type. They will not receive your emails.
There are two ways to add a subscription type:
- Bulk update contacts by clicking the checkbox next to the contacts you want to update, then click More. Choose Edit communication subscription types and select what you want to opt them in to. Click subscribed and enter an explanation for communication consent. We typically use “legitimate interest.”
- When you have the HubSpot GDPR setting activated, you can also update the subscription type on the contact record.
Next, you’ll want to update the “Legal basis for processing contact’s data.” You can update the field at the same time you set the subscription type, whether you’re doing it on the contact record or as a bulk update. Choose the reason why it’s okay to email them, such as:
- Legitimate interest - prospect
- Legitimate interest - customer
- Legitimate interest - other
- Performance of a contract
- Freely given consent
- Not applicable.
“Not applicable” means that GDPR or CA privacy laws don’t apply to that contact.
I recommend reading up on the laws and review your email marketing strategy and contact settings for those who email to contacts in California or the EU. Hopefully, these tips will help you ensure everything is set up correctly and that your emails are delivered to the right contacts.