The UK Government has recently made a significant move that will benefit charities—especially in their fundraising efforts. The government has adopted an amendment to the Data (Use and Access) Bill (DUA), enabling charities to take advantage of the ‘soft opt-in’ exemption for email and text marketing. This change is set to level the playing field between charities and commercial businesses, and it has the potential to boost annual donations by a substantial £290 million, according to the Data & Marketing Association (DMA).

The amendment comes after a concerted effort by nineteen major UK charities and the DMA, and it’s a much-needed adjustment to current regulations. However, it’s important to understand how this change fits into existing legislation and what charities need to do to stay compliant.

What does the amendment mean?

The DUA will not replace the Privacy and Electronic Communications Regulations (PECR) or the UK GDPR. Instead, the DUA Bill proposes amendments to both regulations. Currently, charities need to meet the requirements of both PECR and GDPR, but the existing PECR rules prohibit the use of the soft opt-in for fundraising purposes when contacting individual subscribers.

Here’s a breakdown of how the current rules compare to the proposed changes:

Current PECR rules:

• A person’s contact details are collected during the sale or negotiation of a product or service.
• An opportunity to opt-out is given at the point of collection and in every subsequent communication.
• Marketing can only be sent about the organization’s own similar products or services (not third-party offerings).
• An opt-out option is provided in every communication.

Proposed rules for Charities:

• The primary purpose of the marketing is to further one or more of the charity’s charitable goals.
• The charity obtained the contact details during the recipient’s expression of interest or offer of support for those charitable purposes.
• The recipient has been given a simple means to refuse the use of their contact details for future marketing purposes, at the time the details were collected and in every subsequent communication.

What does this mean for Charities?

With these changes, charities will now be able to use the soft opt-in for fundraising purposes under PECR. However, they will still need to ensure compliance with the UK GDPR and satisfy a lawful basis for processing data. One important point is that charities cannot rely on consent as the lawful basis for using the soft opt-in. This is because the rules for consent require a clear affirmative action (e.g., ticking a box or signing a form), and the soft opt-in, by nature, does not meet this standard.

UK GDPR Lawful Basis:

The most likely lawful basis that charities will be able to rely on for fundraising activities is legitimate interest. Legitimate interest allows organisations to process personal data if they have a legitimate reason to do so, which isn’t overridden by the individual’s rights and interests. This requires a balancing test, ensuring that the processing is necessary and doesn’t unduly impact privacy. Charities will need to document this balancing test through a legitimate interest assessment (LIA).

What’s next for Charities?

While the amendment is a positive step forward, the exact date for when the DUA will take effect is still to be determined. As the bill continues to progress through Parliament, its implementation timeline will depend on the legislative process, including debates, potential amendments, and final approval.

In the meantime, charities must continue to follow the existing PECR rules. Under the current rules, charities can send marketing emails to businesses—such as companies, limited liability partnerships, and government bodies. However, sole traders and certain partnerships are considered individual subscribers under PECR, and therefore, they cannot be contacted for fundraising purposes.

How to prepare for the changes

With the upcoming regulatory changes, it’s crucial that charities take steps to ensure compliance with both PECR and GDPR. Here’s how charities can get ready:

1. Data Management: Charities should review their CRM systems to ensure they can handle multiple permission statuses for both new and legacy data. This may require upgrading current systems or implementing new software solutions.
2. Supporter Communication: Clear and transparent communication with supporters is key. Charities need to explain any changes in how they collect data and offer supporters easy options to opt-in or opt-out of future communications.
3. Compliance and Training: Staff and volunteers will need to be educated about the new rules. Training should focus on how to handle data appropriately and the specific conditions under which the soft opt-in can be used.
4. Balancing Interests: Charities must conduct a legitimate interest assessment (LIA) to ensure their fundraising activities do not infringe on individuals’ privacy rights. This balancing test will help charities determine whether the use of personal data for marketing is necessary and proportionate.
5. Monitoring and Review: Ongoing audits of data processing activities will be essential to ensure charities remain compliant with both PECR and UK GDPR. This will help identify any issues or necessary adjustments to practices as they roll out the soft opt-in approach.

Conclusion

This amendment to the Data (Use and Access) Bill is a welcome change for charities, offering a new pathway for fundraising that could significantly increase donations. While charities will need to continue abiding by current regulations until the DUA is fully implemented, the amendment provides them with an opportunity to expand their marketing efforts and engage supporters in more effective ways.

As the implementation date approaches, charities should begin preparing to ensure full compliance and make the most of this exciting new development.

ProvePrivacy

ProvePrivacy offers a discount on the ProvePrivacy platform for UK registered charities, book a demonstration is you would like to learn more.