We’ll preface this by saying that we’re not qualified to provide legal advice. Instead, we’ve collected helpful information to guide your data journey.
Data privacy is one of those terms everyone seems to throw around these days. It’s come to our collective attention as companies like Apple spark debate about the use of customer data in advertising and beyond. And it got even more attention with the overturning of Roe v. Wade and the potential consequences users might face if unauthorized third parties access their private information.
But how does data privacy affect the way you do business?
At its most basic, data privacy for businesses operating online refers to the way you handle your prospects’ and customers’ data, meaning the information they hand over to you in exchange for your products or services. For example, let’s say someone downloads your ebook, and they need to fill in a form with their name, company name and title, email address, and phone number. In this case, they know they’re consenting to you contacting them.
However, simply visiting your website and interacting with it already shares data that visitors may not be aware of, like their IP address, where they clicked on your website, and other websites they visited. That’s how you get targeted ads on social media, for example. If you’ve ever Googled something and then scrolled through your IG feed and seen an ad for that very product, you’ll know how creepy it may feel.
That’s where data privacy laws come into play.
What are data privacy laws and what do I need to do about them?
Data privacy laws are regulations many countries have put in place to protect users from predatory practices. They’re meant to prevent companies from spamming people and selling information without the users’ consent, among other things.
Depending on where you live and operate, you’ll need to consider several different data privacy laws.
General Data Protection Regulation (GDPR)
GDPR is the strictest data privacy law currently in place. It applies to any business in the world that targets citizens or residents of the European Union. And it regulates how you collect, store, and use data.
Controlling the Assault of Non-Solicited Pornography And Marketing Act (CAN-SPAM Act)
This US law regulates the use of email in business. If you use email marketing, you’ll have noticed that you always need to include an unsubscribe button in your footer. This law is the reason why, although it includes many other elements, not just the option to unsubscribe.
Health Insurance Portability and Accountability Act (HIPAA)
The CDC defines the Health Insurance Portability and Accountability Act as “a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge.”
Any company working in healthcare must comply with HIPAA.
Data privacy laws by sector
Similar to HIPAA, many other industries have their own privacy laws in place. This article by the NY Times outlines privacy laws by industry and US state — worth checking out.
Data privacy with HubSpot and Salesforce
Your HubSpot and Salesforce accounts are data depositories. And your integration’s success depends on the quality of the data you store. A data hygiene policy provides your teams with the framework they need to collect, store and use your customers’ data responsibly.
As we briefly mentioned earlier, there are data privacy laws regulating the use of data in business — primarily the GDPR and CAN-SPAM Act, which are the most stringent. If your business complies with GDPR, you’re pretty much covered.
HubSpot’s GDPR feature makes it easy to comply with this EU law. It includes features like a cookie consent banner, GDPR-ready submission forms, and the option to unsubscribe from email communications.
Furthermore, HubSpot has a feature that supports the customer’s GDPR-protected right to request that you delete all of their data. It’s called the GDPR delete function, and you use it by going to the contact’s name > Action > Delete > Permanently delete this contact and all its associated content to follow privacy laws and regulations > Delete contact.
On the flip side, Salesforce makes it easy to comply with GDPR by:
Requesting user consent: Use Salesforce tools to request permission to store customer data.
Deleting user data: Similar to HubSpot’s GDPR delete feature, you can quickly remove a contact from Salesforce at their request — one of the most important rights protected by GDPR.
Restricting data access: Salesforce stores your data in a way that protects it from unauthorized access from within and outside of your organization. For example, you can allow users access to data on a need-to-know basis.