HubSpot's General Data Protection Regulation (GDPR) settings and tools apply to all portal operations because the GDPR concerns all European Union (EU) citizens, not just people in EU countries.
HubSpot and many other companies have put processes in place to be GDPR-compliant with all prospects and customers. There are at least two main reasons for this:
- It's impossible to tell with certainty whether a website visitor is an EU citizen or not. IP addresses may help determine a visitor's geographic location (it's far from perfect), there is no way to determine citizenship. As such, many companies have opted to treat all visitors as if GDPR applies. It's viewed as easier to implement and less risky from a legal perspective.
- Many companies suspect laws in the United States and other countries to change in the near future and align more closely with the spirit of the General Data Protection Regulation. Companies who implement a GDPR compliance policy now may gain a competitive advantage if North American privacy laws change.
In short, there is no way to limit HubSpot's GDPR settings to prospects and customers of EU citizenship.
While it is possible to create forms and workflows which only surface opt-in options to prospects and contacts who claim they are EU citizens, HubSpot cannot and does not condone these actions as legal.