Wednesday 29 Apr 2026 @ 10:20
Information Commissioner's Office
Printable version

Charities given new flexibility to contact supporters under data law change

We have yesterday published final guidance on the 'charitable purposes soft opt-in' provision, helping charities to understand and apply the new rules.  

  • Charities can now email, text and message supporters without prior consent under a new “soft opt‑in” if requirements are met 
  • Change expected to unlock new fundraising and supporter engagement opportunities 
  • Updated guidance on marketing using electronic mail sets out how charities can use this new provision. 

""

The change, which came into force as part of the Data (Use and Access) Act 2025 on 5 February 2026, means charities can send direct marketing by electronic mail, including emails, texts and direct messages on social media, to people who have expressed an interest in, or offered to support, an organisation’s charitable purpose, without needing to obtain consent first, providing strict requirements have been met. We have today updated our guidance on direct marketing using electronic mail which sets out how charities can use the provision and what safeguards must be in place.

The change is expected to open up new opportunities for the sector, giving charities a new way to engage with people who’ve already shown genuine interest or support for their work. 

The guidance follows a consultation last year that received more than 140 responses, helping us understand the breadth of the sector and the operational challenges charities face. The final updated guidance includes anonymised examples and additional clarity in areas raised by respondents, including how the provision applies to direct collections and the role of third parties. 

Emily Keaney, Deputy Commissioner, Regulatory Policy at the Information Commissioner’s Office, yesterday said: 

"This is a positive step for a sector that does so much for this country, giving them more opportunities to connect with their supporters, build meaningful relationships and promote their work. We know how important clear, practical guidance is for the sector, and we’ve listened carefully to the feedback charities shared with us. 

“Our guidance is designed to help organisations use the charitable purposes soft opt‑in with confidence, while making sure people’s rights remain protected. Used correctly, this provision can benefit both charities and the individuals who choose to support them.” 

We have worked closely with the Fundraising Regulator and the two organisations will continue to work together to help charities understand and apply the new rules. 

Gerald Oppenheim, Chief Executive, at the Fundraising Regulator yesterday said: 

“We welcome the ICO's new guidance on direct electronic marketing. Following the much-awaited introduction of charitable purposes soft opt-in in February 2026, this guidance provides valuable clarity for charities about how they may legally use the new soft opt-in provision, where it would be appropriate for them, their supporters and their cause. 

“Charities should familiarise themselves with the ICO's guidance before deciding whether to make use of charitable purposes soft opt-in for their electronic direct fundraising marketing purposes. The Fundraising Regulator is currently developing a new resource which will complement the ICO’s guidance to help charities comply with the new charitable purposes soft opt-in provision when used for fundraising marketing.” 

Charities are also reminded that, separately, by 19 June 2026, all organisations, including charities, must have a process in place for handling data protection complaints. A complaint can come from anyone unhappy with how their personal information has been handled. Full guidance is available on our website. 

Notes to Editors

  1. The Information Commissioner’s Office (ICO) is the UK’s independent regulator for data protection and information rights law, upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
  2. The ICO has specific responsibilities set out in the Data Protection Act 2018 (DPA2018), the United Kingdom General Data Protection Regulation (UK GDPR), the Freedom of Information Act 2000 (FOIA), Environmental Information Regulations 2004 (EIR), Privacy and Electronic Communications Regulations 2003 (PECR) and a further five acts and regulations.
  3. The ICO can take action to address and change the behaviour of organisations and individuals that collect, use and keep personal information. This includes criminal prosecution, non-criminal enforcement and audit.
  4. To report a concern to the ICO telephone our helpline 0303 123 1113 or go to ico.org.uk/concerns.

 

Channel website: https://ico.org.uk/

Original article link: https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2026/04/charities-given-new-flexibility-to-contact-supporters-under-data-law-change/

Share this article

Latest News from
Information Commissioner's Office

Final storage and access technologies guidance published

01/05/2026 09:25:00

We have published our finalised guidance on Storage and Access Technologies (SATs), alongside an update on our online tracking strategy. 

The local elections and my personal data – what should I expect?

13/04/2026 12:20:00

With Parliamentary elections in Scotland and Wales and local elections across England due to take place in May 2026, we know many people have questions about how their data may be used.

One click too many? 75% of parents fear their kids aren't making safe choices online

08/04/2026 13:10:00

Three in four parents fear their child can't make safe online privacy choices, new research shows. Yet most rarely, if ever, talk to them about it.  

Here’s what jobseekers need to know about automated recruitment decisions

02/04/2026 16:20:00

From helping managers to review CVs to scoring online assessments, more employers than ever are turning to automation and AI in recruitment. 

 

Automated decisions can streamline the hiring process – with the right safeguards in place

01/04/2026 09:10:00

We are calling on businesses to review their use of automated decisions in the recruitment process to ensure the right protections are in place.  

 

Birmingham-based pendant alarm company fined £100,000 for making unsolicited marketing calls

27/03/2026 12:10:00

We have fined a Birmingham-based company £100,000 for making over 260,000 unsolicited marketing sales calls to numbers registered on the Telephone Preference Service (TPS), in a clear breach of law.

Joint statement from ICO and Ofcom on age assurance

26/03/2026 16:20:00

We have published a joint statement with Ofcom about the main areas of interaction between online safety and data protection as they relate to age assurance.

Open letter issued to tech firms to strengthen age checks and protect children’s data

12/03/2026 17:10:00

We have today published an open letter to social media and video‑sharing platforms operating in the UK, calling on them to strengthen age assurance measures so young children can’t access services that are not designed for them. 

Police Scotland fined £66k and reprimanded following serious data mishandling

12/03/2026 15:10:00

We have issued a £66,000 fine and a reprimand to Police Scotland for serious failures in the handling of sensitive personal information.