Lamplight logo
Talk to us

The Data (Use and Access) Act: Key Changes for Charities

The Data (Use and Access) Act came into law on 19th June 2025, but it doesn’t all apply immediately. You can read the full summary for organisations on the ICO page but we’ve picked out a couple of things that are especially relevant for charities. Of course, this isn’t legal advice, just some pointers.

The ‘Soft opt in’ for charities

You can send electronic marketing messages (email, sms etc) to people whose personal information you collect when they support, or express an interest in, your work, unless they object.  You need to provide a way for people to opt-out when you initially get their data, and in every message after that.

This will probably only affect new supporters, and you may need a way to distinguish between existing supporters (who’ll have given consent to receive messages) and new ones (if you are relying on this legitimate interest legal basis). In Lamplight, you may need to add a new custom field to the Contact details tab if you’re going to want to start taking advantage of this.

The ICO has some guidance, there’s a full write-up on from BatesWells solicitors that can be found on their website, and the Fundraising Regulator also has some updated guidance. There are some more technical points around it, so don’t think you can just send out lots of emails all over! But the change has been broadly welcomed and in time should make things slightly easier to manage.

Data Protection Complaints

From 19th June 2026, you must have a process for handling data protection complaints, including giving people a way to make complaints. You’ll need to acknowledge their complaint within 30 days, and promptly (“without undue delay”) investigate and tell people the outcome.

There’s updated ICO guidance on how to handle these, and some pointers from our lawyers, but we’ve not seen anything specific to charities.

A few pointers:

  • Just because you provide a web form or email address, doesn’t mean people will use it. If they complain in person, say, you still need to handle the complaint properly. That means all staff need some training to recognise the complaint and handle it correctly. Make sure they know how to escalate complaints, and to whom.
  • You may need a mechanism to check the identity of the person complaining. If they are complaining on behalf of someone else (e.g. someone they care for) you may need to check they have authority to do so.
  • If you handle children’s data or sensitive or special category data you will need to take special care, and may need to take legal advice.
  • Keep written records

If you are dissatisfied with the way that Lamplight have handled your personal information (i.e. information we hold about you), you can complain.

Photo by litoon dev on Unsplash

Sign Up to Our Email Community

If you have enjoyed this blog, sign up to our email community to receive our valuable charity-focused content straight to your inbox.

This field is for validation purposes and should be left unchanged.
Name(Required)
Email(Required)

Read our latest blogs...

The Data (Use and Access) Act: Key Changes for Charities

A quick overview of the Data (Use and Access) Act and what it means for charities, including soft opt-in rules for marketing and new requirements for handling data protection complaints.

LGBTQ+ Sector Updates: What’s New This Month

Catch up on recent developments across the LGBTQ+ charity sector, from stronger legal protections and new funding for homeless young people to the closure of a long-standing charity and ongoing policy debates.

What’s Happening in the Mental Health Charity Sector?

Explore the latest developments in the UK mental health charity sector, from funding pressures and policy changes to new initiatives supporting young people and underserved communities.

Supporting Families: New Investment in hopes of Real Impact

Significant new investment in the Parent & Family Support Charity Sector is driving a major expansion of Best Start Family Hubs across the UK. With a focus on early intervention, joined-up services, and targeted support for parents, the sector is taking steps to ensure more families receive the help they need, when they need it.

The Evolving Landscape of Women’s Support Charities in the UK

The UK women’s support charity sector is navigating a landscape of progress and pressure. While government investment and new initiatives signal positive change, many organisations continue to face funding challenges that impact frontline services.

Lamplight Achieves Cyber Essentials Certification

Lamplight strengthens its commitment to data protection with Cyber Essentials certification alongside ISO 27001.