Charities Must Avoid Damaging Public Trust when Using Soft Opt-In, Regulator Warns

The Data (Use and Access) Act 2025 marks a turning point for UK charities, granting a soft‑opt‑in mechanism that bypasses the traditional consent requirement for direct marketing. While the change promises more efficient outreach and the ability to react quickly to fundraising opportunities, it also forces organisations to reassess their data‑handling frameworks. By aligning with the new legal landscape, charities can tap into previously untapped supporter segments, potentially boosting donation volumes and volunteer engagement.

However, the regulatory caution is clear: exploiting soft‑opt‑in without robust safeguards can erode the fragile trust donors place in charitable institutions. The Fundraising Regulator’s guidance stresses fairness, security, and the six GDPR‑defined lawful bases, urging charities to document their processing rationale before any outreach. Practically, this means revisiting consent records, updating privacy notices, and implementing stricter access controls—tasks that smaller organisations may find resource‑intensive. The Chartered Institute of Fundraising’s warning about administrative burdens underscores the need for scalable compliance solutions, such as automated data‑mapping tools and staff training programs.

Looking ahead, the regulator’s forthcoming soft‑opt‑in handbook is expected to provide granular, step‑by‑step procedures, reducing ambiguity for fundraisers. In the interim, charities should integrate the current guidance into their data‑privacy policies, conduct regular audits, and engage with the ICO’s advisory material to stay ahead of enforcement actions. By treating data as a strategic asset rather than a compliance checkbox, the sector can harness the benefits of soft‑opt‑in while preserving the public confidence essential for long‑term sustainability.