We might not have a date for it yet, but new data protection legislation is coming that will change some of the GDPR and PECR rules we’re familiar with. We are already aware of a number of changes, but it’s worth reminding ourselves as to what these are likely to be; after all forewarned is forearmed. For fundraisers, the changes are generally a loosening of some of the current restrictions we work under.

Essentially the incoming Data Protection and Digital Information (DPDI) bill – a so-called ‘common sense-led UK version of GDPR’ – is all about reducing ‘unnecessary’ paperwork and costs for organisations, particularly smaller ones.

Changes to soft opt-in rules

One change that could be helpful is the new ‘soft opt-in’ rule for charities using email.

At the moment under PECR, soft opt-in applies to commercial organisations only. It lets them contact people without their explicit consent with marketing emails or texts – providing it’s for similar goods or services to what they’ve offered them before. Charities, on the other hand, must have people’s full consent before they can send them emails.  

Under the new bill, the soft opt-in rule will be extended to non-commercial organisations, enabling charities to contact existing supporters via text or email who haven’t overtly opted in to this. As with commercial organisations, this only currently applies to messages about similar goods or services. So, if someone signs up for a petition for example, then you can email them about that one, but not engage in comms about a different petition. There must also be a simple way for them to opt out of any further communications.

The main question here is what constitutes a similar or related product or service in the charity world, and this is something that will need clarifying before we rush out and adopt it. In addition, if using the rule, it will be important to ensure privacy policies cover this activity, so that people know what they can expect from you.

Clarification of legitimate interest as a basis for processing personal data

The new bill also clarifies that recruiting and retaining supporters (and customers) through direct marketing is a legitimate interest. This is useful because while direct marketing has always been recognised as such under UK GDPR, it’s been something of a grey area leaving uncertainty over just what it covers. As a result, many have opted to err on the side of caution and use the basis of consent instead, limiting their ability to find new donors and customers.

Fundraiser responsibility

Going forward, these changes will be a good thing as long we tread carefully. We all aim to be responsible in our actions, so even if the law changes to provide more scope in how we contact people, it’s still essential to consider what’s right for the people we intend reaching out to.

And even if activity doesn’t require consent or a Legitimate Interest Assessment (LIA), going through that process of checks is a great way of ascertaining whether your proposed activity is the right thing to do. It may confirm that it’s minimal risk that you can either accept or find a way to mitigate, or it might tell you it’s not a good idea so you can take a step back and think again.

So with every activity make sure you’ve covered all the bases, dotted the Is and crossed the Ts, by which I mean:

–     You’ve considered your audience’s needs and expectations

–     You’ve made it clear in your privacy policy that you contact people this way and why

–     You provide the opportunity to opt out from future communications and keep on offering this every time you contact them 

And don’t forget – always test before you go big with anything!

Learn about how Arc Data supports charities with these and other data challenges here. Or book an appointment for a chat with Suzanne about your data issues.