Skip to main content
Newspaper illustration

Your Global Marketing Must Have: HubSpot Marketing Hub Privacy Compliance


At Etumos, we think of Privacy Compliance as the operational workflows that orchestrate and govern the business decisions your organization makes around storing, processing, and marketing to its database.

Most email marketing platforms leave organizations to their own devices when implementing compliance processes, but HubSpot Marketing Hub provides out-of-the-box functionality that helps your team get a jump-start on compliance.

This blog examines the core components and features of HubSpot GDPR settings and some nuances in how this applies to other methods of managing consent and record marketability.

What is privacy compliance processing in HubSpot Marketing Hub?

HubSpot Marketing Hub bases its out-of-the-box privacy compliance functionality on the EU’s General Data Protection Regulation (GDPR.) While the term GDPR is used interchangeably with “privacy compliance” in the HubSpot documentation and platform, the features contained in this section can help you manage additional privacy compliance regulations such as CAN-SPAM, CCPA, and CASL.

TLDR: These features help manage and capture marketing and cookie consent as well as determine legal basis to communicate.

Why should companies implement HubSpot GDPR features?

Choosing to not comply with privacy regulations is certainly a valid business decision, but as these laws become increasingly strict, it opens your organization up to additional risk.

I’m not a lawyer, but I highly recommend all marketing teams review the regulations that pertain to the primary geographic regions found in their database. If your company has a legal team, it’s best to review regulations and get their recommendations on the best way to manage privacy compliance in your platform.

When should a company implement HubSpot GDPR features?

Ideally, privacy compliance is something you’re considering at the inception of your marketing and sales function. Data collection and storage is a hot topic and regulations continue to evolve and tend to side with the consumer end-user having more and more rights.

If you haven’t set up privacy compliance out of the gates, all is not lost!

How can a company set up privacy compliance in HubSpot?

Enable the EU General Data Protection Regulation (GDPR)

This feature is found and managed in your HubSpot settings under Account Setup > Privacy & Consent.

ProTip: Don’t check the Legal basis for emails box yet! Until you are fully configured and your data has been updated, this will drastically limit your ability to market to your database.

Turn on the Cookie banner.

This is only relevant if your website is managed by HubSpot! This feature enables you to capture cookie consent on your website and turn off cookie tracking if they decline.

ProTip: You may need to collaborate with your web team if they are using other functionality to capture cookie consent.

Collect consent on your forms.

This can be done explicitly with opt-in checkboxes that capture a consent boolean field. This can also be done implicitly using ‘legitimate interest’ text. Definitely have your legal team weigh in here. The former option is more risk-averse, but adds additional fields and lengthy text to your forms; the latter is less risk-averse and adds a little less text to forms.

Configure email subscriptions.

You can set up to 1000 subscription types, but we don’t recommend getting too granular here – the more you have, the harder it is to manage subscriptions and the more options a user has on their preference center.

Contacts will have a status for each available subscription – Not Specified, Subscribed, or Unsubscribed. With GDPR enabled, you can only email records that are Subscribed or explicitly Opted-In. Without GDPR enabled, you can email records that have explicitly opted-in AND records that have not explicitly opted out.

There are a lot of nuances here and HubSpot does a great job of explaining how to configure and manage subscriptions in their documentation.

Who should be involved with privacy compliance?

Your marketing and legal teams are going to have to duke this one out. Marketing is always driven to increase the size of its marketable database and Legal often wants to reduce risk as much as possible. Finding a middle ground of compliance without over-complication of requirements can be a bit of a dance, but is worth the business effort to ensure the business is effectively protected.


Privacy compliance is hard, and HubSpot does everyone a favor by providing powerful options to manage consent and emailability. There are many options to configure, but collaboration with your marketing and legal teams will help determine the appropriate requirements which will guide your configuration in HubSpot.

Get in Touch with Us

At Etumos, we love what we do and we love to share what we know. Call us, email us, or set up a meeting and let's chat!

Contact Us