Hs_legal_basis property for GDPR


#1

Hi,
I need some help because I don't fully understand a point from the documentation.

We have introduced a flag on our legacy CRM to define if a contact is compliant with the GDPR.
The goal is to be able to define the "GDPR" status of the contact also when it is inserted directly into our system and then reflect the same status in HubSpot during the process of synchronization.
And in the same way delete a contact when the GDPR is revoked from HubSpot or from our system as needed.

The question is ... if the property to be altered is the one called hs_legal_basis.

I saw this endpoint

{
  "portalSubscriptionLegalBasis": "NON_GDPR"
}

but the information is linked to the email address and not to the contact.

While with this endpoint I can directly alter the value of the property hs_legal_basis

but I don't see a value similar to NON_GDPR.

Is this the right property to give or revoke the consent?
Is it something else?

Because if I do an unsubscribe of the email, the documentation of the first endpoint says: there is NO UNDO for this operation.
While I thought that this value could be managed via API.

Thank you


#2

Hi @enrico.bianchetti,

Email subscription status is separate from a contact's GDPR consent status. Subscription status is tied to an email address, and it tracks whether or not an email address has been subscribed or unsubscribed from email. For example, if you've been given someone's business card and were told that they're interested in receiving communications, you could opt that email address into communications (presumably under LEGITIMATE_INTEREST_CLIENT). The subscription status tracks whether or not an email address has consented to receiving communications (or likewise revoked that consent).

This is not the same as the consent to process data, which is what the hs_legal_basis contacts property tracks. This property is contact-specific, and tracks the legal basis you have for processing that contact's data.

The hs_legal_basis property can be managed via the Contacts API, while an email address can be subscribed/unsubscribed via the Email API.


#3

Hi @Derek_Gervais,
thanks for your reply.

I'm not sure I get the point.

Is it enough, to be compliant with GDPR and to send communications and manage the contact, to populate the property hs_legal_basis with the "Freely given consent from contact" value?

The right to manage the property in this way via API was acquired from an offline process and stored in our legacy CRM.


#4

Hi @enrico.bianchetti,

I'm not able to advise you on whether or not you're compliant; you'll need to contact your own legal counsel for that. All I can help with are the technical details of the properties in question. The key distinction we've been talking about here is the difference between subscription status and the hs_legal_basis property.