ESHOPMANESHOPMAN Logo
Our Blog

GDPR Compliance in HubSpot Chatflows: Controlling External Scripts & Data Collection

GDPR Compliance in HubSpot Chatflows: Controlling External Scripts & Data Collection

Running chatflows within your HubSpot platform can be a powerful way to engage with customers, but it's crucial to ensure you're doing so in a way that respects their privacy and complies with GDPR. A recent HubSpot Community discussion highlighted concerns about chatflows potentially connecting to external services like Google or LinkedIn without explicit customer consent. Let's break down the issue and explore how to maintain control over data collection.

Understanding the Concern: Unwanted External Scripts

The original poster raised a valid point: after implementing a chatflow, they observed scripts running that seemed to connect to external services. This sparked concerns about uncontrolled data collection, especially regarding GDPR compliance. The core question was: how can companies prevent these external scripts from running through chatflows?

Identifying the Source of the Scripts

A HubSpot expert clarified that the chatflow itself doesn't inherently add Google or LinkedIn code. The likely culprits are ad pixels set up in HubSpot Ads or scripts added to your page through tools like Google Tag Manager. It's essential to investigate your existing integrations and tracking code setups.

Here's a breakdown of how to investigate:

  • Review HubSpot Ads: Check your HubSpot Ads settings for any configured ad pixels (e.g., Google Ads, LinkedIn Ads). These pixels can trigger external script execution.
  • Inspect Google Tag Manager: If you use Google Tag Manager, carefully examine the tags and triggers you've configured. Ensure that only necessary scripts are firing and that they respect user consent.
  • Temporary Disable HubSpot Tracking Code: As one community member suggested, temporarily disable the HubSpot tracking code (ideally on a specific test page) to see if the scripts disappear. If they do, HubSpot is the source.

Leveraging HubSpot's Cookie Banner and Consent Settings

HubSpot provides tools to manage cookie consent and data processing. The original poster suspected that disabling cookie consent switches might prevent the problematic scripts from running, and testing confirmed this suspicion. HubSpot's cookie banner is a critical component of GDPR compliance.

Here's how to leverage it:

  1. Ensure the Cookie Banner is Activated: Make sure you have a cookie banner enabled on your website. HubSpot offers built-in functionality for this.
  2. Configure Consent Settings: Carefully configure the consent settings within HubSpot. Determine which scripts and tracking mechanisms require explicit user consent.
  3. Test Thoroughly: After making changes to your cookie banner or consent settings, thoroughly test your website to ensure that scripts are only running when appropriate consent has been given.

Step-by-Step: Controlling Scripts with Cookie Consent

Based on the community discussion, here’s a practical approach to controlling external scripts:

  1. Deactivate All Consents: As a starting point, deactivate all cookie and data processing consents within HubSpot.
  2. Monitor Script Behavior: Observe whether the problematic scripts are still running. If they've disappeared, you've confirmed that the consent settings are controlling them.
  3. Re-enable Consents One by One: Gradually re-enable consents, one at a time, while continuously monitoring script behavior. This will help you pinpoint which specific consent setting is responsible for triggering the unwanted scripts.
  4. Adjust Settings: Once you've identified the culprit, adjust the settings for that specific consent type to ensure that it only runs when appropriate consent has been given.

This iterative approach allows you to isolate and control the scripts that are running on your website, ensuring GDPR compliance and respecting user privacy.

Ecommerce store creator considerations

If you are using an ecommerce store creator, you need to make sure that the shop itself is GDPR compliant as well as the Hubspot chatflows. Check with your store provider what they offer in terms of GDPR compliance.

ESHOPMAN Team Comment

This HubSpot Community discussion highlights a crucial aspect of using marketing automation tools responsibly. While HubSpot offers powerful features like chatflows, it's up to users to configure them in a way that respects privacy and complies with regulations. The iterative approach of disabling and re-enabling consents is a practical way to troubleshoot and gain control over script behavior. Don't blindly trust defaults; always verify and customize settings to fit your specific needs.

Ultimately, maintaining GDPR compliance within HubSpot chatflows requires a proactive approach, combining careful configuration of consent settings with thorough testing and monitoring. By taking these steps, you can leverage the power of chatflows while upholding user privacy and building trust with your audience. If you are setting up an start up online shop, ensure that you are compliant from the start.

Share: