'Inbound & Down' S03 E12: GDPR: What It Is, And How You Can Prepare

Sage Levene

Sage Levene
Published May 22, 2018

White text that says Season 3 Episode 12: GDPR: What It Is, And How You Can Prepare on an orange and purple gradient background

On this episode of 'Inbound & Down,' co-hosts Jon Sasala and Danielle Esposito discuss the European Union's new regulation GDPR and how to ensure your business is ready when it goes into effect on May 25, 2018.


GDPR, which stands for General Data Protection Regulation, is being implemented in the EU beginning on May 25.

It’s been in the works since 2012, and serves as a replacement for the 1995 Data Protection Directive, which is more lax, and grants individuals less control over their personal data.

What does GDPR mean for a user in the EU?

Businesses now need documented, explicit consent from users (also known as "data subjects") to legally send them emails. No more hidden or automatically checked boxes and automatic subscriptions when products are purchased or forms filled out, either.

Users can now also demand a company divulges exactly what data it has on them, and request the deletion of said information.

What does GDPR mean for businesses worldwide?

If you’re a business located in the EU, or market to clients there, you'll need to make some changes to the way you collect contacts and manage their info to be compliant.

Under GDPR, you can’t send an email without Lawful Basis for processing. This essentially means you need a legal reason to possess their data. This includes consent with notice (the person opted in and was aware), performance of a contract (a product was delivered, and you’re sending a bill, etc.), and legitimate interest (related products to something previously purchased).

Businesses must now keep detailed records of when users consented and divulged their data, as individuals can also request to know what data you have on them, and to delete it. If you do not have a detailed record of how or when the data was obtained, there are legal ramifications, including fines and potentially lawsuits, depending on the situation.

As modern professionals, we should consider this an exciting change of practice and yet another way to satisfy our customers—by placing them in control of their own data.

What are businesses doing to prepare?

Here at Morey Creative, we’ve extensively reviewed all of HubSpot’s tools to ensure that any of our clients affected by the regulation are fully compliant come May 25.

We spoke with a company we work with called ZoomInfo and inquired how they’re preparing for GDPR, too. ZoomInfo is a SaaS (software as a service) company providing access to its database of millions of unique and active contacts. It offers a free, and a paid service.

The free service grants access to a limited number of contacts per day once you install a plugin that reviews the emails sent from your server and retains its associated names, emails, signatures, titles and other identifiers. In return, you exchange updated contacts and information to populate their database. With the paid service, you can download as many contacts as wished, and your system doesn't get scrubbed for the contacts.

Brett Kopola, an enterprise account executive for ZoomInfo, explained to us how they’re evolving their service to be compliant. He added that his company is absolutely prepared, having been considering these regulations for some time now. How are they preparing, you ask? Simply launching a second version of the paid product that excludes those residents within the EU.

Whether your approach is similar to ZoomInfo's or you amend your current processes of data collection, make sure your business is compliant by May 25. It’s never to early to prepare, as it could eventually make its way to the United States.  

This is only a general overview of GDPR and how it could affect you and your business. For more depth, listen to this episode and visit all of HubSpot’s extraordinary resources, linked below.

Key Takeaways From This Episode:

  • GDPR makes it illegal to subscribe people to things they do not explicitly ask for, and requires documented consent.
  • This affects anyone in the European Union, or with clients there.
  • Visit the HubSpot GDPR page for plenty of other resources to prepare you for May 25.


Questions about GDPR compliance? Comment below, or email us at inbound@moreycreative.com.

Recent Articles