×

Hupspot GDPR lawful basis guide

/ CRM, Hubspot / By

How to Track Lawful Basis of Processing in Hubspot

Managing GDPR compliance inside Hubspot is easier when you correctly track lawful basis of processing for every contact and subscription type. This guide walks you through the exact steps to configure settings, capture consent, and document your legal grounds for processing personal data.

Understanding lawful basis tracking in Hubspot

Before you configure anything, it is important to understand what lawful basis means and how Hubspot stores it. Under GDPR and similar privacy laws, you must have a clear legal reason for processing personal data, such as consent, legitimate interest, or contractual necessity.

In Hubspot, lawful basis of processing is primarily tracked at the subscription level for marketing communications. It records:

  • The legal basis used for each subscription type.
  • The consent status (subscribed, unsubscribed, not specified).
  • The source and date of consent or other lawful basis.

When configured correctly, Hubspot can help you demonstrate compliance and respect contact preferences across email tools, forms, and CRM records.

Enable GDPR features in Hubspot account settings

To start tracking lawful basis of processing, you must first enable GDPR functionality in your Hubspot account. This unlocks consent settings on forms, subscription types, and contact records.

Steps to turn on GDPR in Hubspot

  1. Log in to your Hubspot account with super admin or required permissions.
  2. Navigate to Settings (gear icon) in the main navigation.
  3. In the left sidebar, go to Account Defaults or the privacy section, depending on your interface.
  4. Locate the GDPR or Data Privacy settings area.
  5. Toggle on the option to enable GDPR features for your Hubspot portal.
  6. Save your changes to apply GDPR tools across forms and subscriptions.

Once enabled, Hubspot adds consent options to relevant tools, allowing you to configure how lawful basis is captured and stored.

Configure subscription types and lawful basis in Hubspot

Lawful basis is closely tied to subscription types, which represent the categories of communications you send, such as newsletters, product updates, or event invitations. Configuring these correctly in Hubspot is essential for accurate compliance records.

How to set up subscription types in Hubspot

  1. Go to Settings in your Hubspot account.
  2. In the left sidebar, select Marketing and then Email, or the section where subscription types are managed.
  3. Open the Subscription Types tab.
  4. Create a new subscription type or edit an existing one.
  5. Provide a descriptive name and explanation so contacts clearly understand what they are opting into.
  6. Save the subscription type.

Each subscription type can be associated with lawful basis through consent captured on forms and other collection methods in Hubspot.

Recording lawful basis for each subscription in Hubspot

When a contact subscribes via a GDPR-enabled form or is added through another lawful method, Hubspot records their status and relevant metadata. To maintain accurate records, you should:

  • Use clear subscription descriptions for every Hubspot email type.
  • Ensure each contact’s subscription state reflects their actual consent or other basis.
  • Avoid manually changing consent without a documented legal reason.

This approach allows you to demonstrate that Hubspot is storing lawful basis information in a transparent and auditable way.

Use Hubspot forms to collect consent and lawful basis

GDPR-ready forms are the primary way to gather explicit consent and document lawful basis in Hubspot. When properly configured, forms can show clear consent checkboxes, legal text, and subscription options.

Enable GDPR options on Hubspot forms

  1. In your Hubspot account, navigate to Marketing > Forms.
  2. Create a new form or edit an existing one that will collect personal data.
  3. Open the form options or GDPR / Privacy settings panel.
  4. Turn on the GDPR consent options for the form.
  5. Choose the appropriate consent format, such as:
  • A single consent checkbox for all communications.
  • Multiple checkboxes for different subscription types managed in Hubspot.
  • Legitimate interest messages where applicable under your legal assessment.
  1. Add or customize the consent text to explain why you are processing data.
  2. Publish or update the form.

Once active, every submission through this form will log consent data in Hubspot, attached to the contact record and relevant subscription types.

Best practices for consent wording in Hubspot forms

Even though Hubspot provides the technical tools, you are responsible for the legal language. Consider these practices:

  • Clearly state what you will send and how often.
  • Explain your lawful basis (e.g., consent, legitimate interest).
  • Link to your privacy policy for further details.
  • Avoid pre-checked boxes to comply with GDPR expectations.

By combining sound legal wording with Hubspot consent features, you strengthen your compliance posture.

Review lawful basis on contact records in Hubspot

Once contacts start engaging with forms and emails, you can review their lawful basis of processing on individual records in Hubspot. This helps support audits, data subject requests, and internal checks.

How to view consent and subscriptions on a contact

  1. Go to Contacts in Hubspot.
  2. Open a specific contact record.
  3. Locate the Communication subscriptions or Subscriptions section.
  4. Review which subscription types the contact is subscribed to, unsubscribed from, or not specified.
  5. Check timestamps, source information, and any related notes about consent or lawful basis.

Hubspot stores this information so you can respond to questions like when a contact subscribed and which form or method was used.

Manually updating lawful basis information in Hubspot

In some cases, you may need to update subscription states due to offline consent, contractual obligations, or data corrections. When doing so in Hubspot, make sure to:

  • Document the reason for the change in contact notes or internal systems.
  • Only mark a contact as subscribed when you have a valid lawful basis.
  • Respect unsubscribe requests immediately across relevant Hubspot tools.

This disciplined approach ensures Hubspot continues to serve as a reliable system of record for lawful basis.

Use Hubspot data for compliance reporting and workflows

Once lawful basis tracking is set up, you can leverage Hubspot for ongoing compliance management and automation.

Building workflows and lists based on lawful basis in Hubspot

You can use subscription status and consent properties in Hubspot to:

  • Create active lists of contacts who have consented to specific email categories.
  • Exclude unsubscribed or non-consenting contacts from marketing workflows.
  • Trigger internal notifications when a contact withdraws consent.
  • Segment communications based on jurisdiction or consent type.

These capabilities help ensure that your campaigns in Hubspot align with the lawful basis you have recorded.

Additional resources beyond Hubspot configuration

While Hubspot gives you the tools to track lawful basis, you should also maintain broader compliance practices, including data inventories, policies, and legal reviews. For deeper strategic support, you can consult specialists and solution partners.

For example, you can explore implementation and optimization services at Consultevo, which focuses on CRM and marketing technology best practices.

To review the original product documentation, visit the official Hubspot knowledge base article on this topic: How can I track lawful basis of processing in Hubspot?

Summary: keeping lawful basis accurate in Hubspot

Tracking lawful basis of processing in Hubspot involves more than flipping a GDPR switch. You must:

  • Enable GDPR tools in account settings.
  • Define clear subscription types and map them to your legal bases.
  • Configure forms in Hubspot to capture explicit consent and store it.
  • Regularly review contact records and subscription statuses.
  • Use lists, workflows, and reports to enforce compliance in daily operations.

By combining careful configuration with ongoing governance, you can use Hubspot as a central system for documenting lawful basis of processing and supporting your GDPR compliance efforts.

Need Help With Hubspot?

If you want expert help building, automating, or scaling your Hubspot , work with ConsultEvo, a team who has a decade of Hubspot experience.

Scale Hubspot

“`

Verified by MonsterInsights