The Information Commissioner's Office (ICO) has now published their eagerly anticipated updated guidance on direct electronic marketing, to help ensure charities comply with the new law on 'charitable purposes soft opt-in'
The introduction of soft opt-in represents an opportunity for charities to strengthen relationships with supporters and potentially facilitate greater fundraising. However, charities must avoid using the new provision in ways that could damage public trust and confidence in charitable fundraising. We urge all fundraising organisations to read the ICO’s new guidance to ensure their fundraising is both legal and respectful.
Fundraising marketing guide
Soon we will be publishing our own guide on fundraising marketing, which will include information about how charitable purposes soft opt-in can work in practice. The guide will include practical advice and helpful links to the ICO’s website, to support charities to comply with the Code of Fundraising Practice (the code) and the law in this area. It will complement the guidance from the ICO.
In the meantime, fundraisers can start using our updated guide on data privacy.
Updated guide on data privacy
Charitable fundraising organisations must ensure their fundraising activity complies with all applicable laws, including data privacy. Rule 1.1.1 of the code states “fundraising must be legal, open, honest and respectful”.
It is crucial to get things right when charities and their partner organisations are processing the personal data of supporters, donors, and beneficiaries. Failure to do so can be damaging to the people whose data is involved, to public trust in charities, and to the reputation of charitable fundraising. Charitable fundraising organisations may also risk enforcement action by the ICO if they get things wrong.
Given it’s almost a decade since the General Data Protection Regulation (GDPR) entered into force, we felt it was time for us to update our resources for fundraisers on data privacy. When GDPR was introduced in 2018, the Fundraising Regulator published six briefings, in collaboration with the Chartered Institute of Fundraising (CIOF) and the ICO, to help charitable fundraising organisations meet, what were then, new legal requirements.
Since that time, data compliance experience within many charities has grown; legal, regulatory and practical advice has become more available; and the UK has exited the European Union leading to, the now, UK GDPR being subject to domestic legislative change. Furthermore, the Data (Use and Access) Act 2025 (DUAA) has recently made changes to UK GDPR as well as to other data privacy legislation which is gradually now entering into force. Our updated guide takes all this into account.
The guide includes practical tips for charitable fundraising organisations to meet the code and the law when processing personal data. It links to the ICO’s website to help fundraisers access some of the most relevant regulatory guidance quickly and easily. It also reflects some of the most recent relevant changes to UK GDPR introduced by DUAA.
All charitable fundraising organisations should familiarise themselves with our guide to Data privacy and fundraising and put it into practice. It is advisory and in step with the ICO’s own guidance but is not an alternative to it. Always follow the ICOs guidance when processing personal data for fundraising.
Forthcoming guide on fundraising marketing and soft opt-in
We are delighted to have liaised closely with the ICO in the development of our updated data privacy and fundraising guide and as they have developed their own charitable purposes soft opt-in guidance. We will continue to work closely with them as we develop our own guide on fundraising marketing that covers the responsible use of charitable purposes soft opt-in.
Sign up to our newsletter for updates on when we will be publishing our new guide on soft opt-in and check out our wider suite of regulatory guidance and code support guides to help you comply with the code.