In 2018, after a two-year review process, the European Union put its General Data Protection Regulation (GDPR) into effect. The GDPR was the largest and most stringent data policy in the world.
Soon after, California enacted the California Consumer Privacy Act, which went into effect on Jan. 1, 2020. Since then, Virginia has passed its own data law, with Colorado, Illinois, Massachusetts, and more than a dozen other states poised to follow suit.
These laws are all aimed at the same thing: making sure consumers have control over how they’re marketed to.
On top of these legal developments, search engines such as Firefox and Safari have banned third-party cookies, and Google will soon do the same with Chrome.
Clearly, data privacy is on everyone’s mind.
Even if you don’t live or work in the E.U. or one of the states listed above, these laws may still affect you. And while litigation can be scary, the real motivation here is trust. You don’t want to annoy your potential customers by spamming them with emails they didn’t sign up for — or doing anything else that’s too much too soon.
For small businesses that want to be on the right side of the law — and do well by their customers — here’s what you need to know when collecting data with HubSpot.
(Note: There are tons of different facets of data privacy. If you’re an e-commerce company, your needs are different than if you’re a medical software firm. Here, we’re talking only about collecting contact information for marketing purposes.)
First off, do your data privacy homework
This article is not going to attempt to give you any legal advice beyond the obvious: Familiarize yourself with the laws that might pertain to you.
For example, did you know that the CCPA doesn’t apply to nonprofits or to businesses with annual revenue under $25 million? Did you know that non-European companies can still be sued under GDPR?
It’s certainly a patchwork landscape, so be sure not to push data privacy to the back burner, thinking it doesn’t apply to you. We operate in a global economy, and that new contact who just entered your system could be from down the street or thousands of miles away.
The best way to serve your customers and stay compliant with data standards is to err on the side of caution.
It isn’t just about not getting sued. You don’t want to be emailing people who don’t actively want your emails. Such practices turn off would-be customers and create negative associations with your brand. Soon, your deliverability rate falls, which can have far-reaching consequences. Your metrics will look worse, too.
With this in mind, let’s dive into how we can ensure that our contact lists are as clean as can be.
HubSpot and data privacy
Whether you’re just using HubSpot for marketing automation, or you’re using its entire website platform, you’ll need to stay aware of the best ways to collect and manage your visitors’ personal data.
Most of your new contacts are going to come to you by way of a form fill. Whether they’re downloading an asset or signing up for a newsletter, they’re giving you their contact info in exchange for content. Years ago, we might have added this email address to our contact list and simultaneously signed it up to receive marketing emails, too. Now, though, we need to ask our visitors about the communication they want to receive.
HubSpot makes it easy to be compliant with data privacy expectations. When building a form, use the Notice and Consent/Legitimate interest (GDPR) dropdown to select the best option for you and your users.
You can also tailor the language of any checkbox. You might want to allow users to decide which types of emails they want to opt-in (or out) for. We recommend talking to a legal expert before you make major changes so you know you’re covering your bases.
Head on over to your settings in HubSpot, and then click on “Privacy and Consent.”
From there, you’ll be able to publish and edit your cookie tracking notification as shown below.
All of this makes sense for contacts you collect going forward, but what about those already in your database? You might have thousands of contacts going back years. Are you supposed to email each of them and ask for their consent to opt-in to communication they’ve already been getting?
When you’re importing contacts into HubSpot, you have two options:
If you have consent from them on another platform: If these contacts have already opted in to marketing communication on your previous platform, you should be good. If you have this documented, all the better. Just tell HubSpot that you already have consent, and HubSpot will treat those contacts accordingly. Or, if they specifically opted out of communication, tell HubSpot that, too.
If you don’t have consent from them on another platform: This is where it gets tricky. If you have an older list of contacts who never opted in to communications, you’re in a tough spot. You could email this list and ask for consent, but that means you’d be emailing people who never agreed to get emails, which is a no-go. As painful as it may be, you should keep these older contacts out of your marketing outreach. If they’re serious about being your customers, they’ll come back and sign up again.
Good data privacy, collection, and management provides a better customer experience
A site visitor who opts into your marketing or agrees to sign up for your newsletter is all the more likely to open those emails when they come through. They’re more likely to click on an offer. They’re more likely to make a purchase.
When you’re evaluating conversions, you want to make sure you’re working with the best data you can. While it might feel good in the short term to put up gaudy contact numbers by opting in everyone you can, you’re going to end up with unhappy prospects who unsubscribe or mark your emails as spam.
Use the HubSpot tools to keep your data collection aboveboard. At the same time, keep abreast of new legislation that might further muddy the waters around data privacy.
Think about the way you would want to be treated as a customer, and do the same for your own site visitors.