Data Protection Law Update: What Does the Soft Opt-in Mean for Charities?
Posted on in Data Protection, Charities & Social Enterprises
The Data (Use and Access) Act (DUAA) was passed by Parliament on 19 June 2025 and introduces targeted updates to UK data protection laws. While it does not replace the UK GDPR, the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations (PECR), it amends key provisions – particularly around electronic communications by charities.
The change in law will enable charities to send direct marketing using electronic mail (emails, texts and social media messages) to individuals who either express an interest in or offer to provide support to the charity, without needing the person’s specific consent first. It will not affect the current law in relation to telephone marketing. These changes, aimed to be phased in between August 2025 and June 2026, aim to ease compliance burdens while maintaining safeguards for individuals.
Records of processing and lawful basis
The current position in law is that charities must not send marketing emails or texts to individuals without specific consent. The Information Commissioner (‘ICO’) has previously sanctioned charities for doing this as it amounts to a breach of data protection law.
It’s a legal requirement to document your processing activities and record what lawful basis you are relying upon for each type of processing. These are currently:
1. Consent
2. Contract
3. Legal obligation
4. Vital interests
5. Public task
6. Legitimate interests
Documenting your processing activities is a clear way to show what you are doing with personal data in line with the accountability principle and the ICO may require you to provide these records to them. Your processing will not be lawful without a valid lawful basis so you must justify your choice appropriately. Your organisation should have a formal, documented, comprehensive and accurate Record of Processing Activities (‘ROPA’) to meet the ICO’s expectations.
The change in law: the charity soft opt-in
It’s important to note that the charity soft opt-in does not grant blanket permission to contact all data subjects on your database. Charities must meet specific conditions, including obtaining contact details during a genuine expression of interest or support, and offering clear opt-out options at every stage.
The benefits
The benefit to charities is that data protection compliance for direct marketing will be less onerous, given that relying on specific consent as the lawful basis requires you to:
· Request that data subjects to positively opt-in without pre-ticked boxes or other type of default consent;
· Specify why your organisation wants their data and sets out what you’re going to do with it;
· Tell data subjects that they can withdraw their consent;
· Keep a record of when and how you got consent from the individual and what they were told at the time;
· Manage the consents by regularly reviewing them and acting on withdrawal of consent as soon as you can.
The charity soft opt-in will offer a less burdensome route to compliance compared to relying on specific consent, however it cannot be applied retrospectively – meaning charities cannot use it to contact data subjects already in their database unless the original data collection were to meet the new criteria.
Next steps – approaching the charity soft op-in with caution
Although the soft opt-in for charities hasn’t yet come into law, it’s a great opportunity to start planning ahead now by reviewing your ROPA and considering whether the soft opt-in is right for your organisation. It’s important to stay up-to-date with the changes and the ICO’s guidance which is under review: https://ico.org.uk/
The ICO has emphasised that charities must carefully consider how they balance the ability to contact data subjects with the data subject’s rights and freedoms. While the charity soft op-in may be legally available, it won’t always be appropriate. For example, contacting someone on your organisation’s database who previously sought confidential support could cause them distress or harm. The key will be to approach the soft opt-in with sensitivity, taking into account whether it is appropriate to contact an individual who has been in contact with your organisation. Considering their circumstances, emotional wellbeing and potential vulnerabilities will be relevant.
Checklist
You can use this checklist as a preliminary starting point to assess your organisation’s readiness for the soft opt-in and ensure your data protection activities remain compliant. For further guidance, please review the ICO website:
· We have a ROPA in electronic form so we can easily add, remove and amend information about our processing easily.
· We regularly review the ROPA against processing activities, policies and procedures to ensure that it remains accurate and up to date.
· We clearly assign responsibilities in relation to our ROPA.
· We regularly review the processing activities and types of data we process for data minimisation purposes.
· We have reviewed our existing electronic mail marketing processes and made sure we can accurately record a data subject’s marketing preferences.
· We understand how to carry out a legitimate interests assessment to help decide whether ‘soft opt-in’ would be appropriate for our charity
· We have plans to trail our staff, volunteers and contractors to understand and use ‘soft opt-in’ if it is right for us
How Tozers can assist your charity
Our team excels in providing tailored advice to Charities across Data Protection, Corporate and Commercial, Employment, Litigation and Intellectual Property matters. We also assist charities with governance and constitutional matters, restructures, charity law compliance, mergers, collaborations, and dealings with the Charity Commission, such as serious incident reports. Our expertise supports organisations in achieving their charitable objectives and maximising their impact for the communities they serve. We are a corporate Partner of CharityComms and are listed on their supplier directory.
As a top firm for client satisfaction, we have built a reputation as good listeners who can help break down complex legal jargon into words you can understand and are experts at advising on your specific situation.