HubSpot GDPR Compliance: A UK Guide for 2026

GDPR compliance isn't a one-time project - it's an ongoing responsibility, and for businesses using HubSpot, getting it right inside your CRM is one of the most important steps you can take. Whether you're preparing for a data audit, onboarding new contacts, or reviewing your marketing processes for 2026, this guide covers everything you need to know about GDPR and HubSpot.

If you're based in the UK, it's worth noting that UK GDPR - which came into effect after Brexit - mirrors the EU regulation closely but sits under UK law. The practical requirements for HubSpot users are largely the same, but you're accountable to the ICO rather than EU supervisory authorities.

Marketing vs. Non-Marketing contacts in HubSpot

HubSpot allows you to classify your contacts as either marketing or non-marketing, which affects how you can communicate with them and how they are counted toward your subscription limits. 

Marketing contacts

• These are individuals you actively engage with through marketing emails, ads, and other promotional activities.

• Marketing contacts count toward your HubSpot subscription limits.

• Use marketing emails, automated workflows, and personalised campaigns to nurture and convert marketing contacts.

How does someone become a Marketing Contact?

• Explicit opt-in: A contact becomes a marketing contact when they explicitly opt-in to receive promotional emails or communications through forms or other methods.

• List membership: Adding a contact to a marketing-focused list or workflow in HubSpot can designate them as a marketing contact.

• Manual updates: You can manually update a contact's status to marketing within HubSpot based on their engagement history or consent.

• Integration data: If your HubSpot account integrates with other tools, contacts marked as marketing in those tools may automatically sync as marketing contacts in HubSpot.

Non-Marketing contacts:

• These contacts are stored in your database but are not actively targeted with marketing communications.

• Non-marketing contacts do not count toward your marketing contact tier limit.

• Communication with non-marketing contacts is limited to one-on-one emails, customer service interactions, or sales outreach.

By categorising your contacts appropriately, you can optimise your marketing efforts while staying within your subscription plan’s limits.

What is GDPR?

The GDPR is a comprehensive data protection law enacted by the European Union (EU) in May 2018. Its primary goal is to safeguard the privacy and personal data of individuals within the EU. Key principles of GDPR include:

• Transparency - Businesses must clearly explain how they collect and use personal data.

• Consent - Individuals must provide explicit consent for data collection and processing

• Access and control - Users have the right to access, modify, or delete their personal data.

• Accountability - Organisations must implement robust measures to protect data and demonstrate compliance.

GDPR applies to any organisation that processes the personal data of EU citizens, regardless of the company’s location.

How does HubSpot address GDPR?

HubSpot offers a suite of tools and features to help businesses comply with GDPR regulations. These features enable you to manage data responsibly and provide your audience with the transparency and control they deserve. Here are the key ways HubSpot supports GDPR compliance:

1. Consent Management

• Forms - HubSpot forms include options to capture explicit consent, such as checkboxes for opt-ins.

• Email preferences - Users can easily manage their subscription preferences through dedicated pages.

2. Data management

• Data access requests - HubSpot allows you to fulfil requests to access, modify, or delete personal data.

• Anonymisation - Deleted contacts are permanently anonymised to protect user privacy.

3. Cookie tracking - HubSpot provides cookie banners to inform visitors about data collection and obtain their consent.

4. Activity logging - Comprehensive logging ensures you have a record of consent and data activity for auditing purposes.

Steps to ensure GDPR compliance in HubSpot

To maximise the effectiveness of HubSpot’s GDPR tools, follow these best practices:

1. Audit your data

• Identify what personal data you collect and ensure it aligns with GDPR requirements.

• Remove unnecessary data to minimise risk.

2. Update forms and workflows

• Use HubSpot’s GDPR-compliant forms with clear consent options.

• Create workflows to manage data access and deletion requests efficiently.

3. Customise your privacy policy

• Ensure your privacy policy is up-to-date and clearly explains your data practices.

• Link your privacy policy to forms and email footers.

4. Train your team

• Educate your team about GDPR principles and HubSpot’s compliance tools.

• Regularly review processes to maintain compliance.

5. Monitor and review

• Use HubSpot’s reporting tools to monitor data activities and identify potential issues.

• Periodically review your compliance measures to adapt to regulatory changes.

While GDPR compliance can sometimes seem complicated, as well as being a legal requirement for any business operating in the EU or dealing with EU citizens, the transparency around it can also help build stronger relationships with customers. 

By being clear about who you can legitimately send marketing emails to and creating contact engagement lists, you’ll be able to ensure that those you get in touch with are warm contacts and that your open rate/click rates are likely to improve. In a time when we’re all receiving more marketing emails than ever before, an unwanted email can sometimes do more than good in terms of company reputation and prospect nurturing. 

Want to go deeper on HubSpot and GDPR?

We help UK businesses get their HubSpot setup properly compliant - from consent workflows to contact data management and GDPR-ready processes. Start with our free HubSpot Health Check to see where you stand, or book a call if you'd like to talk it through with our team.

Take the free Health Check | Book a consultation