For GDPR, we need to have our communication preferences (managed in hubspot as Email Subscription Types) available for our customers to easily opt in and opt out of.
Presently we are using the hubspot API to pull out the list of subscription types and determine a given user's selections. We use a different API request to update those preferences if the user subsequently wishes to opt out of that particular subscription.
It's a limitation on your side that we can't use this API to opt a user IN to a subscription type, which is not sufficient for GDPR, as we need to affirmatively opt in. See here https://developers.hubspot.com/docs/methods/email/update_status specifically the line:
Note: It is only possible to opt email addresses OUT of all emails or a specific email subscription type, and there is NO UNDO for this operation.
I can see in your GDPR page that you are planning to update your subscription preferences page to allow opt in:
Alongside that change, the HubSpot subscription preferences page will be updated to support the needs of the GDPR. Currently the subscription preferences page allows Ana to opt out of different types of communications. This page will be updated to support opt-in preferences.
Can you also confirm that you will be updating the subscription API end point to allow opt ins? If so, can you give an estimation of when this might be?