How you can perform a GDPR-compliant delete in HubSpot

Under the General Data Protection Regulation (GDPR), your contacts have the right to request to delete all of their personal data. If this happens, then GDPR requires you to permanently remove the contact record from your database, including email tracking history, call records, form submissions, and other engagement data and activity. These requests should be served within 30 days. The right to deletion is not absolute and can depend on the context of the request, so it doesn’t always apply.

In HubSpot, GDPR-compliant deletion includes a blocklist functionality, which means that once a contact is deleted under GDPR, you will not be able to add them back to your account in the future. This functionality is supported by anonymized data. If a GDPR-deleted contact chooses to fill out a form on your website, they will be added back again to your account. 

You must be a Super Admin in your account to perform a GDPR-compliant deletion in HubSpot and GDPR features must be enabled.

Perform a GDPR-compliant delete on a contact

 

GDPR-compliant deletions can only be performed on individual contact records.  

  • Go to Contacts > Contacts in your HubSpot account.
  • Click a contact name. 
  • Click Actions in the left panel, then select Delete.
  • Select the Permanently delete this contact and all its associated content to follow privacy laws and regulations radio button in the new box. Then click Delete contact.

Data that will be purged upon a GDPR-compliant delete

Up to 30 days after the GDPR deletion is initiated, a GDPR-compliant purge will be performed. The record will be removed from your HubSpot account along with the following information: 

  • Salesforce connector
  • Contacts data 
  • Analytics data
  • Calling data
  • Form submissions
  • Feedback data
  • Integrations data 
  • Emails
  • Notifications
  • Meetings 
  • Engagements
  • Conversations 
  • Bots 

Perform a GDPR-compliant delete on a previously deleted record

 

 

If a record is already deleted and sent to the recycle bin that is, it is deleted normally and not a GDPR-compliant delete, you can still perform a GDPR-compliant delete by first restoring the contact:

  • Go to your contacts, companies, deals, or tickets in your HubSpot account.
  • Click the dropdown Actions and select Restore [objects].
  • Select the checkbox next to the record you want to restore.
  • Click Restore.
  • Confirm the number of contacts to restore, then click Restore.

Once the record is restored, follow the above instructions to perform a GDPR-compliant delete of the contact.