This post is a part of Made @ HubSpot, an internal thought series through which we extract lessons from experiments conducted by our very own HubSpotters.
GDPR (General Data Protection Regulation) is an EU law that protects the personal data of EU users and regulates how businesses process and handle this data.
GDPR has been around since May 2018, and per the European Council ruling on October 1, 2019, businesses — including HubSpot — can only drop cookies once a user has given explicit consent (i.e., clicked “Yes” on a cookie banner).
In short, you can’t imply consent if users take no action on the banner and continue to browse the site. Before a site visitor has taken any action, you can only drop “strictly necessary” cookies — cookies that make your website function, such as a shopping cart.
Once the new GDPR ruling was introduced, businesses scrambled to understand how to become GDPR-compliant. This process raised another concern about how the regulation would impact the overall reporting process.
The HubSpot analytics team was no exception when it came to these concerns. We had to brainstorm innovative solutions that could help the team better track users’ data to provide a more intuitive website experience — while still remaining GDPR-compliant.
Before GDPR, HubSpot used Google Analytics (GA) for website reporting and insights for all HubSpot domains — specifically, to track various metrics related to page sessions, button clicks, freemium signups, campaigns, A/B testing, and more.
On October 26, 2019, in response to GDPR, HubSpot implemented a new and improved cookie banner, making our sites fully compliant with the GDPR and cookie consent laws in the EU. This action meant we couldn’t gather data on EU users that accessed a HubSpot website until they explicitly provided consent by clicking “Yes” on the cookie banner.
The table below highlights how HubSpot’s traffic was impacted by GDPR. These calculations are estimates based on how many users visit the HubSpot domains from both within and outside the EU.
% Traffic from Outside EU
% Traffic From EU
Impact on Overall Traffic Per Google Analytics
|HubSpot.com||83%||17%||Drop by 15-20%|
|HubSpot.de||13%||87%||Drop by 60-70%|
|HubSpot.fr||19%||81%||Drop by 55-65%|
|HubSpot.jp||99.86%||0.14%||Drop by 5-10%|
|br.HubSpot.com||97%||3%||Drop by 15-20%|
|HubSpot.es||86%||14%||Drop by 12-17%|
How HubSpot Adjusted Our Reporting Process After GDPR
The HubSpot Analytics team decided to use a mixture of HubSpot Analytics tools and Google Analytics to adjust for the new GDPR policies. Here’s how:
- We used HubSpot Analytics as a source of truth for reporting as HubSpot is GDPR-compliant
- We used Google Analytics to see all data trends.
- We used a multiplier to estimate the traffic we’d inevitably lose and not be able to track in either HubSpot Analytics or Google Analytics.
In response, we had to estimate the loss of those non-tracked users on the HubSpot website. We did that by calculating an estimation multiplier. Here’s how:
We assumed that our Accept (31%), Decline (6%), and no action (63%) rates remain the same for the short-term.
- We took into consideration historical traffic from GDPR/EU countries on every HubSpot domain from Google Analytics.
With this information, we calculated the multiplier for recovering the loss of traffic (based on users without cookies).
For example, for HubSpot.com, we got a multiplier of 1.17:
Users with Cookies
Users Without Cookies
Estimated Traffic Loss
For example, if reported traffic for hubspot.com was 1,000 after the GDPR implementation in Google Analytics (November 1 to November 30), the estimated total traffic would be 1000 x 1.17 = 1,150.
The above method has helped us to estimate traffic loss and minimize the impact of GDPR on our reporting, which has allowed us to keep using Google Analytics for better insights and reporting.
These simple adjustments in reporting using HubSpot Analytics and estimation for Google Analytics helped the HubSpot Analytics team get a better idea of our true website traffic — whether or not visitors took action on the cookie banners.
We hope these suggested methods can help you and your team adjust your reporting and minimize the impact of GDPR.