The General Data Protection Regulation (GDPR) is a legal framework highlighting guidelines for the processing of personal data within the EU.
The guidelines introduce strict new rules about how and when companies can store personal data and include individuals in their marketing communications.
The HubSpot marketing platform has a number of features to help customers comply, including new email subscription options, consent checkboxes and cookie tracking. However, if you’re thinking of adding contacts from another source such as LinkedIn, where you don’t have explicit consent, you may be wondering if this is compliant.
In this article, we’ll explore how adding LinkedIn contacts to HubSpot complies with GDPR, and what steps are necessary to ensure GDPR guidelines are met.
Hubris is a Chrome extension that allows you to add LinkedIn contacts to HubSpot with a full paper trail and without capturing more information than you need. Try it for free today.
What GDPR is and why it matters
As we mentioned earlier, GDPR sets out guidelines for personal data processing for countries within the EU. However, Brexit negotiations have had an impact on what this means for UK companies.
The EU GDPR is an EU regulation, meaning that the UK now has the ability to review and change it. If your business operates in the UK, you will still need to comply with UK data protection law. GDPR has been incorporated into this as the UK GDPR. This means that, in practice, there is minimal change to the primary data protection principles and rules found in the UK GDPR.
If your business operates, offers goods or services, or monitors behaviour of individuals in the European Economic Area (EEA), the EU GDPR may still apply to you. It also applies to businesses in Europe who send data to your organisation, so you may be required to help them decide how to transfer data to the UK in line with the UK GDPR.
Ethical reasons for compliance
‘Data ethics’ refers to how you collect, store and use your contacts’ personal data.
It is vital to consider the impact and potential for harm when it comes to collecting, storing and processing personal information. When capturing data, always be clear about why you are collecting it and what you will be using it for.
Complying with GDPR and being transparent about what you’re doing with contact data will help you to build trust with your connections.
Different legal bases for storing and processing personal data
GDPR requires businesses that process personal data to have a valid legal basis for this activity.
There are six legal bases for processing personal information:
- Consent - the data subject has given consent to the organisation to store and process their information
- Performance of a contract - the data processing activity is necessary to perform a contract with the data subject
- Legitimate interest - personal data can be used for business purposes, such as marketing
- Vital interest - data required to save someone’s life (most commonly seen in emergency medical situations)
- Legal requirement - processing activity is needed for a legal obligation, such as employment or information security
- Public interest - processing activity that occurs by government entity or behalf of a government entity
For every contact you store in HubSpot, HubSpot allows you to record your legal basis for storing that particular record. However it’s up to you, or your legal team, to decide which legal basis to use and where.
Some companies will decide to only store data on individuals who have voluntarily consented for that to happen. If this is the case for your business, it’s unlikely (but not impossible) that you will have this consent from your LinkedIn connections, so adding them to HubSpot may not be something your legal team considers compliant.
However, other companies rely on the legitimate interest argument to store information on their prospects, regardless of whether the individuals have consented to this. In this instance, adding your LinkedIn connections to HubSpot and tracking their legal basis as legitimate interest could be considered compliant, as a necessary step in the pursuit of new business.
That said, even if this is the case, your business still needs to use personal data fairly and uphold individuals’ rights to access their data, and their right to be forgotten. To do this, you should ensure any LinkedIn contacts added to HubSpot have a complete paper trail, so the circumstances and legal basis for adding their data to HubSpot are never in question.
How Hubris helps you to capture the provenance of data in HubSpot
With Hubris, you can capture personal information about your LinkedIn connections, and store and process that data in HubSpot.
When it comes to connections in the EU, you must do this in a way that gives them control over their own data in line with GDPR.
Hubris has been built with GDPR in mind, and provides several methods to support your compliance plan:
Legal basis and creating a paper trail
The alternative to using an automated system to collect and process personal data from LinkedIn is to copy and paste details from LinkedIn into HubSpot manually. Not only is this time consuming, it also results in incomplete and inaccurate data. In a similar way, storing contact information in spreadsheets can be susceptible to these issues and will not provide a paper trail.
Any personal data you capture from LinkedIn will be labelled as such in HubSpot with a clear record of the date. This provides a full paper trail of how and when new contacts are created, along with a complete history of any changes made to them and whether they were made by Hubris or another member of your team.
Necessary data capture
With Hubris, you can be selective about the information you capture, so you can make sure personal information is only stored where you have a legitimate interest to do so.
Try Hubris for free
Hubris can help you connect your HubSpot contacts to LinkedIn in a safe and compliant way, so that you can easily nurture those connections and potentially turn them into leads. It also allows you to keep all your conversations with those contacts in one place, and allows you to be selective about which data you capture.