Portal Owners access with GDPR


#1

After getting some legal consulting on the best practices for GDPR compliance while developing a Hubspot API integration, I was told that Hubspot User names and emails are considered private personal data.

This happens when a Hubspot User connects an integration to their HS Portal and the list of owners is fetched (GET /owners/v2/owners/). This endpoint returns names and emails of people that might not know about the integration.

How is this supposed to be handled?
Who is responsible for giving my integration this data? The user who made the connection?


#2

Hi @Luis_Braga,

Access to the Owners API is given by the admin that authorized your integration during the initial OAuth flow. I can't answer questions regarding your compliance with regard to that data; handling that information is up to you and your legal counsel.