Free Assessment: How does your inbound marketing measure up?

Get Started

Free Assessment:

How does your inbound marketing measure up?
Take this free, 5-minute assessment and learn what you can start doing today to boost traffic, leads, and sales.
Get Started

Free Assessment:

HubSpot and Data Privacy: How to Collect Contacts the Right Way

With data privacy laws proliferating, you need to be sure that the contacts you’re marketing to have opted in to receiving communication. Here’s how to do it. 

By John Becker

HubSpot and Data Privacy: How to Collect Contacts the Right Way

In 2018, after a two-year review process, the European Union put its General Data Protection Regulation (GDPR) into effect. The GDPR was the largest and most stringent data policy in the world.

Soon after, California enacted the California Consumer Privacy Act, which went into effect on Jan. 1, 2020. Since then, Virginia has passed its own data law, with Colorado, Illinois, Massachusetts, and more than a dozen other states poised to follow suit. 

These laws are all aimed at the same thing: making sure consumers have control over how they’re marketed to. 

On top of these legal developments, search engines such as Firefox and Safari have banned third-party cookies, and Google will soon do the same with Chrome. 

Clearly, data privacy is on everyone’s mind.

Even if you don’t live or work in the E.U. or one of the states listed above, these laws may still affect you. And while litigation can be scary, the real motivation here is trust. You don’t want to annoy your potential customers by spamming them with emails they didn’t sign up for — or doing anything else that’s too much too soon. 

For small businesses that want to be on the right side of the law — and do well by their customers — here’s what you need to know when collecting data with HubSpot.

We'll dive into:

  • Data collection through forms
  • Cookie tracking notifications
  • Migrating contacts in from other platforms

(Note: There are tons of different facets of data privacy. If you’re an e-commerce company, your needs are different than if you’re a medical software firm. Here, we’re talking only about collecting contact information for marketing purposes.)

First off, do your data privacy homework

This article is not going to attempt to give you any legal advice beyond the obvious: Familiarize yourself with the laws that might pertain to you

For example, did you know that the CCPA doesn’t apply to nonprofits or to businesses with annual revenue under $25 million? Did you know that non-European companies can still be sued under GDPR?

It’s certainly a patchwork landscape, so be sure not to push data privacy to the back burner, thinking it doesn’t apply to you. We operate in a global economy, and that new contact who just entered your system could be from down the street or thousands of miles away.

The best way to serve your customers and stay compliant with data standards is to err on the side of caution. 

If you want to know more about HubSpot and GDPR, you can use HubSpot’s playbook, which covers tools and best practices. They have content addressing the CCPA as well. These can serve as primers to get you up to speed.  

Remember, data security is good for business

It isn’t just about not getting sued. You don’t want to be emailing people who don’t actively want your emails. Such practices turn off would-be customers and create negative associations with your brand. Soon, your deliverability rate falls, which can have far-reaching consequences. Your metrics will look worse, too.

If your contact list is swollen with visitors who did not opt-in, that’s going to hurt your open rate and click-through rate on every email you send

With this in mind, let’s dive into how we can ensure that our contact lists are as clean as can be. 

HubSpot and data privacy

Whether you’re just using HubSpot for marketing automation, or you’re using its entire website platform, you’ll need to stay aware of the best ways to collect and manage your visitors’ personal data. 


Most of your new contacts are going to come to you by way of a form fill. Whether they’re downloading an asset or signing up for a newsletter, they’re giving you their contact info in exchange for content. Years ago, we might have added this email address to our contact list and simultaneously signed it up to receive marketing emails, too. Now, though, we need to ask our visitors about the communication they want to receive.

HubSpot makes it easy to be compliant with data privacy expectations. When building a form, use the Notice and Consent/Legitimate interest (GDPR) dropdown to select the best option for you and your users. 

You can also tailor the language of any checkbox. You might want to allow users to decide which types of emails they want to opt-in (or out) for. We recommend talking to a legal expert before you make major changes so you know you’re covering your bases. 

Cookie tracking

By this point, we’re all familiar with the bottom banner or pop-up that most websites have to inform us of their cookie policy. Those are annoying but important. They give your visitors the option to opt-out of cookie tracking. According to research from Deloitte, 81% of websites have some form of notification alerting users about cookies

Your website should follow suit.

Through HubSpot, you can publish a notification that tells users your site uses cookies, but you have to manually turn this on. 

Here’s how:

  1. Head on over to your settings in HubSpot, and then click on “Privacy and Consent.”
  2. From there, you’ll be able to publish and edit your cookie tracking notification as shown below. cookie notification hubspot example

Legacy contacts

All of this makes sense for contacts you collect going forward, but what about those already in your database? You might have thousands of contacts going back years. Are you supposed to email each of them and ask for their consent to opt-in to communication they’ve already been getting?

When you’re importing contacts into HubSpot, you have two options:

  • If you have consent from them on another platform: If these contacts have already opted in to marketing communication on your previous platform, you should be good. If you have this documented, all the better. Just tell HubSpot that you already have consent, and HubSpot will treat those contacts accordingly. 
    Or, if they specifically opted out of communication, tell HubSpot that, too. 
  • If you don’t have consent from them on another platform: This is where it gets tricky. If you have an older list of contacts who never opted in to communications, you’re in a tough spot. You could email this list and ask for consent, but that means you’d be emailing people who never agreed to get emails, which is a no-go.
    As painful as it may be, you should keep these older contacts out of your marketing outreach. If they’re serious about being your customers, they’ll come back and sign up again.

Good data privacy, collection, and management provides a better customer experience

A site visitor who opts into your marketing or agrees to sign up for your newsletter is all the more likely to open those emails when they come through. They’re more likely to click on an offer. They’re more likely to make a purchase.

But every purchase is based on trust, and businesses that abuse that trust have a higher chance of failing. 

When you’re evaluating conversions, you want to make sure you’re working with the best data you can. While it might feel good in the short term to put up gaudy contact numbers by opting in everyone you can, you’re going to end up with unhappy prospects who unsubscribe or mark your emails as spam. 

Use the HubSpot tools to keep your data collection aboveboard. At the same time, keep abreast of new legislation that might further muddy the waters around data privacy.

Think about the way you would want to be treated as a customer, and do the same for your own site visitors. 

(If you're still on the fence, we have an up-to-date, in-depth review of HubSpot.)

Free Assessment:

How does your inbound marketing measure up?
Take this free, 5-minute assessment and learn what you can start doing today to boost traffic, leads, and sales.


Inbound Marketing
Data Security
Published on October 4, 2021

Recent Articles

Word-of-Mouth is Fragile; Here's How to Build Market Durability
May 10, 2023 • 5 min read
9 Best Customer Feedback Tools for Businesses of Every Size
March 27, 2023 • 6 min read
How to Ghostwrite Content for a Subject Matter Expert
March 20, 2023 • 4 min read
What Happens When You Don't Have Buy-in for Your Inbound Strategy?
March 9, 2023 • 4 min read
Content Marketing in 2023: Principles, Platforms, and Content Distribution
January 4, 2023 • 5 min read
How To Set Content Marketing Goals for Growth
December 29, 2022 • 6 min read
Inbound Marketing for Logistics Companies (Transportation and Warehousing)
December 8, 2022 • 10 min read
How Much Does Inbound Marketing Cost in 2023?
November 28, 2022 • 12 min read
How To Grow Your Email List: 13 Savvy Tips To Try in 2023
November 22, 2022 • 9 min read
7 Inbound Marketing Strategy Mistakes that Will Cost You in 2023
October 19, 2022 • 8 min read
Inbound Marketing for Construction Companies
June 11, 2022 • 11 min read
What is the Inbound Marketing Methodology?
June 8, 2022 • 15 min read
Inbound Marketing for Staffing Agencies
May 28, 2022 • 8 min read
Green Energy Inbound Marketing Strategy: The DIY Approach to Getting More Customers
May 7, 2022 • 9 min read
IMPACT+ for Business vs. the They Ask, You Answer Mastery Program
April 15, 2022 • 8 min read
Inbound Marketing for Franchises: Attracting Your Audience
March 25, 2022 • 6 min read
3 Surefire Signs Your Content Is Hitting the Wrong Audience
March 18, 2022 • 5 min read
Inbound Marketing for Higher Education
March 11, 2022 • 9 min read
Starting a Business Blog? Features and Best Practices for Success in 2022
March 10, 2022 • 10 min read
11 Books Every Black Sales and Marketing Professional Should Read in 2022
March 5, 2022 • 10 min read
Commercial Real Estate Inbound Marketing Strategy: The Simple Way to Get More Customers
March 4, 2022 • 6 min read
Inbound Marketing for Financial Services Providers and Financial Advisors (+ examples)
February 19, 2022 • 10 min read
Inbound Marketing for IT Companies
February 11, 2022 • 11 min read
10 Reasons Why Your Website Is Not Ranking In Google
February 10, 2022 • 15 min read
Inbound Marketing for Manufacturers
February 4, 2022 • 12 min read