Why You’re Getting “Delete My Data” Requests for Contacts You’ve Never Talked To

If you use data enrichment in HubSpot, you’ve probably seen an email like this land in your inbox:

Action needed: Enriched data delete requests pending
You got a request for a contact who has asked to delete their data from HubSpot’s commercial dataset.

And your first reaction is usually some version of:
“Wait… who is this person? They’re not even in our CRM. Why am I responsible for this?”

You’re not alone. Let’s unpack what’s actually happening, why the request may not be coming directly from a contact you recognize, and what “compliance” really means in today’s data-driven world.

Why this happens (even if you never emailed the contact)

When you use enrichment in HubSpot, you’re not just pulling data from your own forms or imports. You’re tapping into a commercial dataset—information that may have originated from:

  • Public web sources

  • Business directories

  • Partner data providers

  • Prior lawful collection elsewhere in the ecosystem

That dataset exists outside your individual portal, even though pieces of it may be surfaced inside your CRM.

So when someone requests deletion from HubSpot’s commercial dataset, HubSpot is obligated to honor that request—and notify any customer accounts where that data may have been used or referenced.

That’s why the request shows up even if you never spoke to the contact, emailed them, or knowingly added them yourself.

Why the request isn’t coming “from the contact” (at least not to you)

This is the part that feels unsettling at first.

Often:

  • The individual did not submit a form on your website

  • They did not email your company directly

  • They may not even know your business exists

What they did do was exercise a data-rights request—usually via:

  • A privacy portal

  • A data provider

  • A centralized request handled by HubSpot

HubSpot is acting as the data intermediary, routing the request downstream to customers who’ve benefited from that dataset.

That doesn’t mean you did anything wrong.
It means the ecosystem is working the way modern data privacy expects it to.

What “compliance” actually means in practice today

Here’s the important reframing:

Compliance is not about punishment. It’s about responsibility.

In practical terms, responding to these requests usually means:

  • Reviewing whether the contact exists in your portal

  • Removing or suppressing enriched data tied to that record

  • Respecting deletion or restriction flags going forward

  • Not re-enriching the same contact later

For most teams, this is a low-effort, high-integrity action, not a legal emergency.

And crucially:
This does not mean you must delete unrelated first-party data you collected lawfully, unless the request explicitly applies to your system and jurisdiction.

It does mean:

  • You don’t keep data you no longer have a right to use

  • You respect opt-outs that occur upstream

  • You treat personal data as something you steward—not something you “own forever”

The bigger picture: Responsible data use builds trust

Data enrichment is powerful. It saves time, fills gaps, and helps teams focus their outreach.

But power comes with responsibility.

Modern CRM systems are shifting from:

“How much data can we collect?”
to
“How well can we justify, govern, and retire it?”

Handling delete requests calmly, consistently, and without defensiveness is part of running a responsible business in 2026—not a sign that something has gone wrong.