With the commencement of key provisions of the Data (Use and Access) Act (DUAA) 5 February 2026, the charitable purpose soft opt-in under Privacy and Electronic Communications Regulations has officially come into force. The update coincides with the ICO activating most remaining DUAA data protection measures, alongside new enforcement powers and some updated guidance to support organisations in adapting to the changes.
For charities, the introduction of the soft opt-in represents a significant shift in how electronic marketing can lawfully be used. Charities may now send marketing emails or texts to individuals who have expressed interest in or offered support to the charity—without requiring prior consent—provided all legal requirements are met. These are explained in our blog Will change to laws on charity marketing boost fundraising? | Mills & Reeve
However, charities must proceed with care. The ICO is still finalising its guidance following consultation, and until this is published, the Fundraising Regulator is urging cautious implementation, particularly in more complex cases. Misuse risks breaching the Code of Fundraising Practice, which sets out that fundraising must remain legal, open, honest and respectful.
While the change presents welcome opportunities to reconnect with supporters and strengthen fundraising efforts, charities must ensure clear opt out routes, robust data handling, and cautious implementation to maintain public trust.
If you have any questions, please contact [email protected] or [email protected]
Our content explained
Every piece of content we create is correct on the date it’s published but please don’t rely on it as legal advice. If you’d like to speak to us about your own legal requirements, please contact one of our expert lawyers.