Is your Hubspot COS website GDPR/Cookie consent compliant?

Here’s a Google Tag Manager and Hubspot quick fix!

Under the Cookies, GDPR, and ePrivacy Directive – websites serving EU visitors need to ensure that users opt in to receiving tracking cookies on their device.

This means adding an acceptance or opt out button to your website that will set a single cookie declaring if a visitor has opted out of cookies or not.

Often little or nothing changes when a visitor declines cookies on a website. Cookies are still active, and third-party scripts are being loaded – this level of non compliance, if caught carries a hefty fine.

What are Tracking pixels and cookies?

Tracking pixels allow you to “cookie” or record a visitor to your site. You can learn about their behaviours though analytics platforms, and match their user profile to other platforms or services that offer advertising.

EG, a Facebook pixel on a website allows you to remarket to a visitor and show them an advert on facebook that relates to their visit to your website.

Tracking pixels are best managed through a tag manager like Google’s GTM, as by placing one line of code into your website you can easily manage and control what universal pixels and conversion pixels are fired by what actions or which pages of your website.

Without a tag manager, it can be difficult to track a users journey and to measure conversion to specific goal events – like purchasing a product.

Without triggers, it is hard to switch advertising off, or progress advertising down a path.

Google Tag Manager

In the simplest setup you create tags – a bundled up pixel code, and triggers to make them appear.
A trigger can be as simple as visit any page, or as complex as clicked on a specific link, read an article or downloaded an item.

Google Tag Manager + Exceptions for GDPR

A little handy tool within Google Tag Manager is exceptions to triggers.

If we create an exception trigger, related to our website visitors opting out of cookies, we can then block off all other triggers – therefore remove all other cookies and tracking pixels.

Google Tag Manager + GDPR + Hubspot

Hubspot has a convenient cookie banner module. It allows you to create an opt it banner for your visitors which will set the only cookie you can pass to them, a cookie declaring if they have accepted or opted out of cookies.

Here’s the BUT.

On the back end, the module only switches off Hubspot’s universal tracking codes, so if you have Google Tag Manage enabled, we’ll need to create that exception to switch off the rest of your pixels in Google Tag Manager.

Hubspot’s cookie that’s used to keep track of the visitor’s choice, is an _opt_out_cookie with the value “yes”.

We’ll use this as the exception to block our tags.

Step one, create a new variable in Google Tag Manager that will contain the value of the cookie.

  • click Variables in the left hand menu and at the bottom find User-Defined Variables
    click new.
  • In the pop-up that appears, choose “1st Party Cookie”
  • Give the variable a name and enter the name of the cookie you are going to read

Step two, create a new trigger

The variable we just created will now be used in a new trigger. A trigger listens on your page (or app) to certain types of events: forms that are sent, clicking on buttons, loading a page. A trigger also ensures that a tag is loaded or blocked when certain conditions are met or just not.

  • Under Triggers, choose > New
  • In the pop-up choose the type ‘Page view’ and then choose “some page view”

We set up our trigger as follows:

  • In the first field select our newly created variable __hs_opt_out
  • In the middle field we have chosen “contains”
  • In the right field we entered “yes”

If there is no cookie called “hs_opt_out_cookie” or if the cookie contains “yes”, the trigger will fire as an exception and block the other triggers.

Step three, add your newly create trigger as an exception to all the tags you are currently firing.

As a final check, use the preview function of Google Tag Manager and check your changes with an incognito tab of your browser, where the cookie opt out prompt is still yet to be triggered or set.

Your site should now have no tracking enabled, when a user opts out of cookies.


One thought on “Is your Hubspot COS website GDPR/Cookie consent compliant?

  1. This no longer matters to me, Nick, but I love that you a) explain it very well, and b) explain how to address it. It’s why I keep coming here.

I would love to hear your views!

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: