GDPR, Tom Pumford, ParkerMather, Unsplash
Read on so you do not end up like this guy. (Credit: Tom Pumford/Unsplash)

 

General Data Protection Regulation, or GDPR, refers to a unified set of data protection regulations that give individuals greater control over how their personal data is used and obligates companies operating in the European Union to transparently and securely handle data of individuals. The EU adopted GDPR in May 2016, and it will be in effect on May 25, 2018.

In the wake of Facebook’s most recent data management challenges, companies operating in Europe will give particular care to the EU’s mandate.

According to John Kelleher, General Counsel at HubSpot, there are four guiding principles of the GDPR:

  1. Companies must keep and process personal data for a specific reason(s). This means you must explain how user data will be used — to the user.
  2. Companies must provide users with a copy of their personal data and update it upon request. This means users must have an option to save the form or have it sent to them.
  3. Companies may only keep user data if it is necessary and must delete it when they longer need it. (That means padding your email list with inactive contacts is unwise.)
  4. Companies must ensure that data is up to date and securely stored.

The GDPR makes customer consent and reasons for using data clear in the beginning. This addresses the uncertainty that can exist around consent among marketers, sales teams and customers.

The transparency GDPR introduces, Kelleher said, is “a lot about opting in, about consenting, about [customers] agreeing to” certain uses of data.

What is HubSpot doing?

On April 30, HubSpot hosted a live Q&A with staffers Kelleher and Tom Monaghan, the company’s Director of Product, to share how the EU standard impacts sales and marketing teams in the U.S.

While HubSpot will be GDPR compliant by May 25, the company has also formed an internal cross-functional working group and launched a data center in Frankfurt, Germany to expand its EU cloud infrastructure.

Monaghan announced that HubSpot is rolling out product changes to support GDPR compliance. He highlighted four areas that they launched or improved:

  1. GDPR feature toggle: This will be rolled out soon and available to select HubSpot customers.
  2. Lawful basis of processing: Kelleher focused on three parts: Performance of a contract, consent, and a legitimate interest. First, companies must have a legal reason for using customer data, such as sending billing statements covered in the contract. Second is consent as the customer must opt-in to communication, be able to opt-out of communication, know how information is being used, and be able to gain access to her/his data within a reasonable time. Third is legitimate interest as companies must provide information about where the company obtained the information and an option to unsubscribe.
  3. Cookies: HubSpot will soon support localization of cookie notices and cookie consent notifications. Localization will allow users to see notifications in a customized language and format. The notifications will be available in time for the GDPR deadline on May 25. Customers also will soon be able to revoke cookie access.
  4. Access/portability and deletion: HubSpot users can already export and delete individual customer contacts. A soft deletion means you can recover the profile for up to 90 days after whereas a “hard deletion” permanently removes the customer profile. If the customer signs up again, it will be treated as a new record.

Monaghan anticipates non-EU HubSpot users using GDPR compliant features because “these really are the way that customers are going, and that inbound is going.”

This future of inbound marketing is still focused on building trust. For example, HubSpot forms offer an unchecked box that the customer can select to show consent and capture the terms, as well as when the customer consented.

“If someone does not provide consent, you need a mechanism to provide that content,” Kelleher said.

If a user wants to download an ebook but does not want her data processed, HubSpot forms will automatically provide a link in the form to download the ebook. In this case, the user data will not be deleted because it was never stored in the HubSpot’s database.

Finally, HubSpot users will have control over their access to and use of the GDPR feature toggle. The toggle will be available to select HubSpot users.

How does GDPR impact my business?

For HubSpot customers, the platform laid a foundation for one of the most responsive data management workflows available to sales and marketing organizations. From the GDPR feature toggle to data portability features, HubSpot is equipping businesses with a suite of tools to mitigate risk in its customer activities.

For users, GDPR gives greater control over how and how long your data is used. The European standard requires companies to be deliberate when they request personal information, responsible in storing that information, and thorough in disposing of that data.

Why should Americans care about an EU regulation?

The GDPR is the dominant model for handling customer data and increasing transparency about personal data usage by companies. The GDPR could serve as a model for U.S. legislation even though it only currently impacts companies and business interactions in EU member nations.

Facebook is the most recent example of compromised systems around user data and acquiring consent. However over the last few years, major unrelated incidents around user data have dominated U.S. headlines.

European courts have continuously erred on the side of the user. In May 2014, the EU ordered search engines in Europe to remove compromising information about individuals. According to a research paper, Google alone received 650,000 requests and removed over 40%. In June 2017, the courts fined Google $2.7 billion for anti-competitive price comparisons in search results.

If adoption is significant, the GDPR could easily move from an EU standard to a de facto global data management standard.

What HubSpot resources are available to comply with GDPR?

Since January, HubSpot has released several resources to help organizations prepare for the May 25 GDPR implementation deadline. Here are a few of the HubSpot resources at your disposal:

This blog post originally appeared on the Philadelphia HubSpot User Group blog, which you should read.