As the 25 May approaches, one of the questions we’re commonly being asked is: “Do we need to get consent from our entire membership and marketing database before the GDPR comes in?” The answer is not a straightforward one but , in many cases, it is likely to be “no”.
For charities with a membership base, the good news is that you do not need to seek consent from your members to continue sending them information relating to their membership package (e.g. information on fees and renewals, membership rights, how you are using their membership fees and so on)
With all that said, you do still need to be careful with the marketing information that you’re sending.
Under PECR, you generally need specific consent to send marketing texts and emails to individuals. The exception to this is the “soft opt in” which allows you to send marketing texts and emails to previous customers about related products and services (for example, a nature charity sending bird-related promotions to a customer that has previously purchased bird seed or other bird paraphernalia).
Remember, though, that the “soft opt in” under PECR does not cover non-commercial promotions (for example, sending fundraising and campaign emails to an existing supporter). So when sending membership information to members, you need to be careful when straying into the realms of marketing that is not covered by the “soft opt in” under PECR (such as newsletters that extend beyond membership-related information to fundraising campaigns, for example).
For marketing not covered by the “soft opt in”, the ICO’s expectation is that you obtain refreshed consents if your existing consents do not meet the requirements of the GDPR.
Whether relying on consent or “soft opt in”, remember to give recipients an easy way to opt out / unsubscribe from marketing emails and texts.