Many organisations (including some charities) have found to their cost that getting things wrong in connection with data protection can be very expensive. The Information Commissioner’s Office (ICO) has imposed fines of tens of thousands of pounds (and more) for breaches of data protection rules. It is therefore essential to ensure that your organisation is complying with data protection law in its marketing and fundraising practices. 

In relation to marketing texts or emails, the general rule is that organisations cannot send texts or emails to individuals without their prior consent. There is a limited exception to the requirement for specific prior consent. This is sometimes known as the ‘soft opt-in’ and relates to previous customers. This should only be relied on if you are sure you can demonstrate the necessary prior relationship, and if you give those individuals the option to opt-out of receiving future messages in every communication. 

The ICO, the body that upholds information rights, recommends that organisations use unticked ‘opt-in’ boxes on their marketing materials so it is clear people have taken positive action to demonstrate their consent to a particular action being taken. The alternative is a ticked ‘opt-out’ box, which an individual must untick if they do not want to be contacted or their personal data shared. ICO guidance states that "a pre-ticked box will not automatically be enough to demonstrate consent" as a positive informed choice has not necessarily been made. 

If your organisation is considering using or buying marketing lists prepared by third parties, you will be relying on indirect consent. Steps will need to be taken to ensure your list was compiled fairly and accurately reflects people’s wishes. Call lists should be screened against the Telephone Preference Service list. Best practice advice is not to use third party lists for text, email or automated call campaigns. The ‘soft opt-in’ does not apply to contacts on a bought-in, third party list.

An effective privacy policy, used properly, can be very useful in explaining your organisation’s approach to use of personal information. Please contact us if you would like to develop a suitable policy.

This issue and other issues in relation to data protection will be explored at our seminar on ‘Data protection for charities’ on Wednesday 29 April 2015, follow this link for further details.

Andrew Studd

Download Direct marketing campaigns and the data protection pitfalls.