GDPR changes are coming – charities must have a say and focus on supporter education

19 October 2021
Data, Research and Analysis
Standard Content
An individual looking at html code on a laptop

Suzanne Lewis, founder of Arc Data, looks in this blog at the government’s consultation on data and at what implications this is likely to have on charities and fundraising.

With the government’s current consultation Data: a new direction looking at overhauling the UK’s data privacy rules, it’s clear we’re going to see some changes. And these changes may have implications for charity fundraising.

When he announced the plans, Digital Secretary Oliver Dowden said he wanted to see a ‘common sense’ approach taken to data usage. On his list was an end to cookie pop-ups asking for permission to store personal information. And he’s keen too to build new data adequacy partnerships with important global markets.

What’s more, the consultation includes government proposals to ease consent rules by extending “soft opt-in” to electronic communications. This would be extended for more organisations other than commercial companies, and where they have previously formed a relationship with an individual.

Certainly, getting data adequacy agreements in place with other countries is necessary so we can keep transferring data internationally.

Warning bells

However, these plans also ring warning bells. While we’ll gain partners, there’s a risk we could lose out elsewhere, and the new rules could pose a threat to EU citizens’ privacy. If so, the EU Commission has already stated that it will revoke its data adequacy deal with us.

And Dowden’s headline grabbing promise to end what he called ‘endless’ cookie banners signals that it’s not just GDPR in his sights, but also the Privacy & Electronic Communications Regulations (PECR), and even the role of the ICO itself.

Looking at the intent to reduce cookie banners in a little more detail, it sounds great but the proposal doesn’t offer a definitive solution.  Instead, it sets out two possible options.

The first would allow performance analytics cookies to be classified within the category ‘strictly necessary’, for which consent is not required. While consumers wouldn’t be bothered with pop-ups asking for consent, organisations would still be required to provide clear information about their cookie usage in their privacy policies. Other countries, including France, already operate in this way.

The second option would allow organisations to store limited information on, and collect information from, a user’s device under the reasoning of Legitimate Interest.  In effect, this could give consumers greater control through the data privacy settings on their devices.  

And for digital fundraisers there are also plans to allow charities to use soft opt in for email marketing and to potentially remove Article 22 entirely. In theory, this could reduce interactive friction, meaning there’s potential for simpler, smoother supporter journeys.

Offline communications

When it comes to offline communications, there’s a proposal to create a definitive list of ‘activities’ for which Legitimate Interest can be applied.

Here there’s clearly an opportunity for ‘fundraising’ to be included in this activities list. 

While there’s a lot to take in here, I’m only touching on some of the points covered in the consultation document. I would encourage you to read it for yourself to appreciate the implications for your specific use of data.

For me, the big question is whether the public understands what it will mean if the government opens up how their data can be used. The simple fact is most people don’t really understand, even now, what happens to their data.

Two key actions in advance of this overhaul of data laws then are:



Of course, this second point will inevitably lead to more people opting out. But communicating with people who don’t want to hear from us is a waste of time and money anyway. It also risks eroding trust and public perception of charities.

So how can we help?

A good starting point is to educate our staff, to ensure they really understand how data is used, the insight it provides – and the rules of data compliance.

To any member of the public who contacts us about how we use their data, or looks at our privacy notice, we need to explain as clearly as possible what we do with it, and highlight their rights. It’s so important that we tell them about the rules of Legitimate Interest (only for direct mail and live phone calls) as well as the tools at their disposal; the FPS, TPS and MPS, that are there to protect them. Tools they can use if they are unhappy about how an organisation is using their data.

The most important options to share are:

BUT we should also expand on these to help people appreciate what happens when they sign up to one of these tools.  Some are blanket tools that stop everything, even communications they might like and or find useful. It’s in both our, and the public’s, interest to be as transparent as possible.

With the government’s consultation open until 19 November, this is definitely something charities should take an active interest in for the sake of future communications and fundraising efforts. Regardless of this however, better educating the public is something we should all be doing.

For help on this and other aspects of data specific to charities, contact Suzanne Lewis, managing director of Arc Data.

Suzanne Lewis
Suzanne Lewis
Founder of Arc Data
Members Only Content