What’s changing & why it matters
The new legislation allows charities to send marketing communications to individuals whose contact details were provided through actions like signing a petition or making a donation, relying on implied consent rather than explicit opt-in.
Through the Data Use & Access Act, charities gain renewed eligibility to communicate under rules that previously only applied to commercial entities. Following GDPR, many charities shifted to a strict consent model, limiting their ability to reach large portions of their supporter base.
While some organisations may still opt to use consent in specific contexts or apply soft opt-ins narrowly, this update provides a valuable opportunity to engage more supporters and unlock new fundraising potential.
Important for responsible use ⚠️
This change only applies to newly captured contacts, meaning you cannot retroactively apply soft opt-in to existing data collected under a consent-based model; therefore, transparency remains essential. To build and retain supporter trust:
-
Include clear opt-out options at every data collection point and in every message.
- Update privacy notices to reflect your use of legitimate interest.
At NationBuilder, we’re proud to provide tools that support relevant, action-oriented communications, from our granular data filtering to dynamic email content. Aligning messages with supporters’ previous engagement, like event updates for volunteers or impact-driven campaign asks, ensures better engagement and minimises spam complaints or unsubscribes. The Information Commissioner’s Office has also highlighted that soft opt-in won’t be appropriate for all supporters, especially vulnerable groups, so assessing data use case-by-case is critical.
Five practical preparations
With the Data (Use and Access) Bill now law in the UK, here are five steps you can implement right away:
1. CRM audit & segmentation
Identify new supporter interactions - donations, event sign-ups, newsletter subscriptions, where soft opt-in applies. Ensure each form includes a clear opt-out option.
2. Privacy notice updates
Clearly state reliance on legitimate interest and use of soft opt-in in your privacy policies and capture forms.
3. Legitimate Interest Assessments (LIAs)
Document your legal rationale for using soft opt-in, especially when contacting sensitive or vulnerable individuals.
4. Tailored communication strategy
Craft messages directly linked to each supporter’s engagement history to keep outreach relevant and welcomed.
5. Ongoing governance & training
Train your team, monitor opt-out and bounce rates, and continuously evaluate whether soft opt-in is helping or hindering supporter relationships.
Working with our Enterprise Customer Success Managers in Europe, we’re here to help you confidently implement soft opt-ins and deepen supporter engagement, while staying compliant every step of the way.
Feel free to reach out for additional context.