×

Hupspot GDPR consent setup guide

/ CRM, Hubspot / By

Hubspot GDPR privacy and consent setup guide

Hubspot provides built-in GDPR tools that help you collect consent, manage cookies, and handle data privacy requests across your CRM and marketing assets. This guide explains how to configure these features so your forms, emails, and tracking stay aligned with EU privacy requirements.

All steps below are based on Hubspot’s own GDPR resources and are intended to help you use the platform responsibly. Always consult your legal team to confirm how the rules apply to your business.

Understand GDPR features in Hubspot

Before changing settings, get familiar with the main privacy tools available in Hubspot. These features are designed to support lawful data collection and transparent communication with your contacts.

  • Cookie tracking and consent banners
  • Form consent options and legal text
  • Subscription types and lawful basis
  • Contact privacy and consent properties
  • Data subject access and deletion tools

GDPR compliance is a shared responsibility: Hubspot provides the tools, but you decide how to configure and use them according to your policies.

Enable GDPR functionality in Hubspot account settings

The first practical step is turning on GDPR features in your Hubspot account. This unlocks additional privacy fields, cookie controls, and consent options across your tools.

Steps to turn on GDPR settings in Hubspot

  1. Sign in as a super admin to your Hubspot portal.
  2. Go to your main account settings menu.
  3. Locate the privacy or GDPR section in the settings navigation.
  4. Enable the GDPR or data privacy toggle for the account.
  5. Review the default options that become available, such as cookie banners and consent fields.

Once activated, these settings affect forms, subscription management, and how tracking cookies are handled on your Hubspot-hosted content.

Configure Hubspot cookie banners and tracking

GDPR emphasizes transparency around cookies and tracking technologies. Hubspot offers cookie banners you can configure for your domains to inform visitors and obtain consent where required.

Set up cookie banners in Hubspot

  1. In settings, open the cookie or tracking section.
  2. Select the domain where your Hubspot tracking code is installed.
  3. Choose the appropriate consent behavior, such as requiring consent before non-essential cookies fire.
  4. Customize the banner text to explain what cookies you use and why.
  5. Provide a link to your full cookie policy and privacy policy.
  6. Save and publish the banner for the selected domain.

Hubspot allows you to modify banner style and wording so the experience matches your brand while still clearly explaining tracking practices.

Best practices for Hubspot cookie consent

  • Use simple language to describe analytics, advertising, and essential cookies.
  • Offer clear options to accept or manage preferences.
  • Include a persistent way for visitors to change their choices later.
  • Ensure your cookie policy page stays up to date with your real tracking setup.

Set up form consent in Hubspot

Whenever you collect personal data, you need a clear lawful basis. Hubspot forms can display consent checkboxes and legal text that document how and why data will be used.

Configure consent options on Hubspot forms

  1. Open your forms tool in Hubspot.
  2. Create a new form or edit an existing one.
  3. In the form options or GDPR section, enable consent fields.
  4. Add checkboxes for different communication types if needed (for example, email marketing, phone calls).
  5. Customize legal text to describe the purpose of data collection and reference your privacy policy.
  6. Map consent choices to the appropriate subscription types in your Hubspot account.

When visitors submit a form, Hubspot stores their consent selections in contact properties so you can respect their preferences in future campaigns.

Tips for compliant Hubspot form design

  • Separate service or transactional communications from promotional messages.
  • Avoid pre-ticked consent boxes; let users actively choose.
  • Provide a direct link to your privacy policy on each form.
  • Explain how long data will be stored and how people can withdraw consent.

Manage subscriptions and legal basis in Hubspot

GDPR requires you to track why you are allowed to contact someone and what types of messages they agreed to receive. Hubspot uses subscription types and consent properties to manage this information.

Define subscription types in Hubspot

  1. Go to the subscription settings section in your account.
  2. Review default subscription types created by Hubspot.
  3. Create additional types that match your email categories, such as newsletters, product updates, or event invites.
  4. Write clear descriptions for each type, visible on the subscription preferences page.
  5. Map forms and consent checkboxes to these subscription types.

This structure lets Hubspot automatically update a contact’s permissions when they complete forms or manage their preferences.

Use Hubspot contact properties for GDPR

Hubspot includes several privacy-related properties, such as legal basis and subscription status. You can use these to segment lists and control who receives specific communications.

  • Filter contacts by subscription type and status before sending campaigns.
  • Track when and how consent was obtained.
  • Store the lawful basis used for certain processing activities when appropriate.

Always align your segmentation rules with the information stored in these properties so your outreach stays consistent with recorded consent.

Handle data subject requests in Hubspot

Under GDPR, individuals can request access to, correction of, or deletion of their personal data. Hubspot offers tools to help you respond to these requests for contacts stored in your CRM.

Process access and export requests in Hubspot

  1. Locate the contact record in your CRM.
  2. Review the data stored across timeline events, properties, and subscriptions.
  3. Use available export options to provide a copy of relevant data if required.
  4. Document the request and the date you fulfilled it.

Process deletion requests in Hubspot

  1. Identify the correct contact in your database.
  2. Confirm the scope of the deletion with your legal or compliance team.
  3. Use the contact deletion tools in Hubspot to remove or anonymize personal data as appropriate.
  4. Verify that marketing automation workflows and lists no longer reference the deleted contact.

Deletion actions in Hubspot can be permanent, so validate requests carefully and maintain internal logs of the decisions you make.

Additional GDPR resources for Hubspot users

For detailed, up-to-date information, review the official Hubspot GDPR resources available in their knowledge base. The main reference page is here: Hubspot GDPR resources. This page links to specific guides for cookie banners, form consent, legal basis, and data management.

If you need strategic help implementing these tools alongside your broader marketing and CRM stack, consider working with a specialist consultancy such as Consultevo to design a privacy-first configuration.

Recap: using Hubspot for GDPR-friendly marketing

When configured correctly, Hubspot can support a GDPR-conscious approach to data collection and communication. To recap:

  • Activate GDPR features in account settings.
  • Configure cookie banners for all tracked domains.
  • Add clear consent options and legal text to forms.
  • Define subscription types and map them to consent choices.
  • Use contact properties to respect preferences in every campaign.
  • Leverage Hubspot tools to respond to access and deletion requests.

Combine these settings with internal policies and legal guidance so your team uses Hubspot in a way that is both effective and respectful of individual privacy rights.

Need Help With Hubspot?

If you want expert help building, automating, or scaling your Hubspot , work with ConsultEvo, a team who has a decade of Hubspot experience.

Scale Hubspot

“`

Verified by MonsterInsights