As always you can listen by watching this video or read on...
Now that we're a few months into GDPR and we've had plenty of time to test the new processes and procedures we rolled out to our Automotive clients, they've worked well, so now lets pass on what we've learnt to help you make GDPR-friendly updates and to know what are some tools for regulatory framework for managing cookie consent on your website, notice and consent where you capture data, and responding to requests.
The previous posts in our GDPR for Automotive series gave you ideas of what to consider. This post is the how to of exactly what you can do to be GDPR-friendly.
To use our recommendations you need to be using HubSpot CRM. Learn more here about HubSpot CRM and our implementation service.
FYI: This is not a legal document. You should seek legal advice to ensure you are GDPR compliant and this might mean modifying some of the updates detailed in this article. If you'd like legal advice then read our GDPR Compliance page and book a free GDPR consultation.
Use HubSpot and you'll already have the HubSpot tracking code on your website, which means a lot of features can be managed from inside HubSpot without the need for a programmer to make updates on your website. Use the HubSpot ‘cookie consent banner’ so your visitors can accept or decline being tracked on your website.
More details on this feature here…
The settings you can use:
Notes for you:
You can turn this on for all HubSpot hosted data capture points (a) on your website (forms, lead flows, document share link forms, messages) and (b) in meetings links.
Notice and Consent that you can use
You'll go into the HubSpot 'Settings' area --> Contacts & Companies --> Privacy and consent and manage it all from there. Then notice and consent will be added automatically to any new forms that you create.
Legitimate interest
By submitting your details you agree we can store your data and contact you. Read all in our Privacy Policy.
Privacy policy
Read all in our Privacy Policy.
Consent to communicate
Join our mailing list to receive one monthly email with insider tips for sales, marketing, and websites to help grow your business.
[ ] TICK THE BOX TO JOIN THE MAILING LIST
Consent to process data
Explicit: By ticking the box you agree that we can store your data
[ ] I agree to allow The Tree Group to store and process my personal data.
Implicit: By submitting your details you agree that we can store your data.
Notes for you:
Use the HubSpot Meetings tool that links directly to your Google Calendar or Office365 Calendar to make it easy for leads, prospects, and customers to book meetings (without bouncing emails back and forth trying to find a time).
GDPR features are turned on for each meeting link, as you can have different types of meetings, and let HubSpot handle legal basis for processing and communicating.
Watch this video on how to update Meetings links
You need a legal basis to store and process contact data. To help you comply, there’s a new Contact property in HubSpot CRM called ‘Legal basis for processing contact’s data’ and it allows you to view, edit, and audit the legal basis for processing for every contact.
In HubSpot, this property can be edited in Settings → Properties → Contact properties
More details on this feature here...
The options you can tick for each contact
‘Freely given consent from contact’ is automatically updated when a contact fills out a HubSpot data capture point and gives consent for you to store and process their data.
Make sure you’ve installed the HubSpot inbox extension for Outlook and Gmail.
Watch this video on how to view, edit, and audit ‘Legal basis for processing contact’s data’
We recommend you consult relevant regulatory guidance on whether you should rely on legitimate interest. For example, the ICO has released this guidance on legitimate interests.
Before proceeding with this step, you will have already completed SALES ACTIVITY 1 onwards.
This step is required so you can email a contact (from inside your HubSpot CRM) or enroll a contact in a Sequence (from inside your HubSpot CRM or Outlook/Gmail).
‘Communications subscriptions’ are automatically updated if a contact fills out a HubSpot data capture point and gives consent for you to communicate with them. The consent they give depends on what you asked them to do. You might only ask for consent to follow up with sales emails (permission to email them from inside HubSpot CRM and enroll them in Sequences) or to add to them to your mailing list. If you don't ask for consent to add them to your mailing list, you need to ask for that separately and then update their Communication subscription (if you use HubSpot Marketing Starter of above with the email marketing tool) or create then update a property for ‘Opted-in to marketing emails’ then have that sync out to your 3rd party tool using this cloud syncing tool.
Watch this video on how to view, add, and edit ‘Communication subscriptions’
Before proceeding with this step, you will have already completed SALES ACTIVITY 1 onwards.
This step is required so you have a central record of all activity.
Option 1 - Inbound lead (from HubSpot data capture point)
The contact will have filled out one of your HubSpot data capture points (website; forms, lead flows, live chat, or document share link forms, and meetings links)
Option 2 - Inbound lead (from non-HubSpot form)
The contact will have filled out a non-HubSpot form on your website
Option 3 - You email the contact and have the ‘Log in CRM’ box ticked
Watch this video to see how you can control how emails are logged.
Option 4 - You manually add a contact to your HubSpot CRM
In this case, for each contact, you must update their properties for ‘Legal basis for processing contact’s data’ and create then update the ‘Referred by’ property so you have a record of where their contact details came from. You also need to update their ‘Communication subscription’.
Use LinkedIn
Watch this video on how to use the LinkedHub Chrome extension.
Publicly available data on the company’s website or using Hunter.io
Watch this video on how to use the Hunter.io Chrome extension.
Before proceeding with this step, you will have already completed SALES ACTIVITY 1 onwards. This step is required if you want to email a contact.
Create a GDPR snippet
In HubSpot you have a feature called Snippets which make it easy to store short pieces of text to drop into emails.
Create a snippet that is GDPR-friendly such as:
I'm contacting you because __________. I found your details on __________ and thought you'd find this email helpful for your work at __________.
Can I add you to our mailing list so you get the latest updates on business growth (you'll always have the opportunity to unsubscribe and request/modify/delete your data)?
Add the ‘GDPR snippet’ to the first email to each contact
This shows you’re ethical in how you approach people. It explains why you’re contacting them, where you got their details, asks if they’d like to join your mailing list, and explains that they can always unsubscribe and request/update/delete their data.
Watch this video on how to use the Snippet feature:
Before proceeding with this step, you will have already completed SALES ACTIVITY 1 onwards. This step is required if you want to send a contact email marketing.
Option 1 - Use 'Communication subscriptions' - if using the HubSpot email tool
Option 2 - Use the ‘Opted-in to marketing emails’ property if you use a 3rd party email marketing tool
Watch this video on how to view, edit, and audit the ‘Opted-in to marketing emails’ property:
NOTE: If you use a 3rd party tool and have the cloud sync setup, will see new contacts being added to HubSpot CRM where the original source shows ‘INTEGRATION’ which means they came into the CRM because they joined your mailing list through the 3rd party tool such as if you have a non-HubSpot sign-up form on your website.
Sales activity 6: Retention policy
You’re only allowed to store data for the purpose it’s intended and this includes the length of time you store data. The detail around this is up to you and needs to be confirmed in your privacy policy. Managing this will require periodic work.
If a contact requests that you modify the data you hold for them, here’s how to update contact data:
Once you’ve modified the contact in HubSpot, if you subscribed to the cloud sync tool then those updates will automatically update your other systems.
Option 1 - Typically, there are two ways that a contact can ‘unsubscribe’:
If you use HubSpot CRM and HubSpot Marketing Starter or above
If you use HubSpot CRM + a 3rd party email marketing tool
NOTE: With regards to ‘unsubscribing’, HubSpot CRM and MailChimp are completely separate systems and there is no way to have one central ‘unsubscribe’ link or to offer different subscription preferences such as sales emails, customer updates, marketing updates etc. The only way to get this functionality is for you to upgrade to HubSpot Marketing Starter so that your email marketing tool and CRM are on the same platform. Then you have complete control over all forms of consent and subscription types.
Option 2 - You get asked to ‘manually’ unsubscribe a contact
GDPR requires the permanent removal of each contact from your database, including email tracking history, call records, form submissions and more. In many cases, you’ll need to respond to the request within 30 days. The right to deletion is not absolute, and can depend on the context of the request, so it doesn’t always apply.
If you have HubSpot Marketing Starter or above, this is easier to manage as you have less systems to update.
I suggest this as a good process:
You may also need to delete email history etc. A legal advisor can answer this question.
Note about ‘soft’ delete option: To restore a contact in HubSpot go to the main Contacts area → Actions → Restore contacts.
Note about adding a ‘hard’ deleted contact: Per this HubSpot Academy article, you will receive an in-app notification that the contact can not be created. This will apply across all methods of contact creation including the 'Log to CRM' functionality.
Note about HubSpot: While their personal data will be deleted, their anonymized analytics will remain. For example, if the contact visited your site several times, those sessions will continue to be reflected in your Sources report (if you have a paid version of HubSpot Marketing) but in an anonymized way - you won’t know it was the individual. If you’ve sent emails to the individual, and then you delete them, their analytics will continue to be reflected in the emails you’d sent (opens, clicks, etc.) but their personal information (name) will no longer appear.
This is 100% where you need legal advice. The privacy policy should be publicly available on your website and linked next to every data capture point, i.e. some short ‘notice’ text next to each data capture point plus a link to your main privacy policy. It needs to be plain english, simple to understand, and amongst other information, it needs to include a retention policy.
As an example, here are HubSpot’s Privacy policy and the Cookie policy.
When you update your privacy policy you need to include the different ways you track, capture, and store data. To help with that, here are some suggestions:
That brings this series of posts and articles on GDPR Compliance to a close.
If you'd like support with GDPR, getting started with free technology such as HubSpot CRM, Sales, and Marketing, then start with a free consultation.