What do the upcoming changes to GDPR mean for charities in the UK? 

Data protection rules are evolving again.

The UK’s Data Use and Access Bill (DUA Bill) is introducing some practical changes to the way organisations like yours can collect and use personal data. This includes one key update to the lawful processing basis known as legitimate interest. 

If you’re wondering what this means for your communications, you're not alone. GDPR and legitimate interest can feel like a lot of navigate. Rest assured though, Donorfy is already set up for what’s coming.  

What’s changing in GDPR for charities? 

Let’s start with the big picture. The DUA Bill has been designed to simplify how organisations manage personal data. In short: the rules are getting clearer, and some of the admin is being stripped away.  

While the core principles of GDPR remain, this bill aims to make peoples’ lives easier, without compromising data rights. 

One of the most relevant updates for the charity sector is around legitimate interest - a lawful basis many charities use when engaging with supporters and stakeholders. 

Under current rules, using legitimate interest to process someone’s data (for example, to send them an email) means carrying out a Legitimate Interest Assessment (LIA). The Data Use and Access Bill aims to cut down on that paperwork. 

Introducing ‘Recognised Legitimate Interests’ 

A new category called recognised legitimate interests is being introduced. These are specific scenarios where you’ll no longer need to complete an LIA balancing test before processing data. Recognised interests include: 

• National security or public safety
• Emergency response
• Crime prevention or safeguarding
• Disclosures to public bodies or organisations with official authority

While these scenarios won’t apply to every charity, the bill also clarifies where charities can rely on legitimate interest more broadly - for example, when sending direct marketing or ensuring network security. You can view the full DUA Bill and explanatory notes here. 

Why this matters for your charity

Whether you’re running a campaign, updating your newsletter list or emailing supporters to say thank you, GDPR and legitimate interest is a lawful basis you may already be using. The DUA Bill makes it easier to do so, with fewer grey areas. 

You’ll still need to be transparent, fair and respectful of opt-outs, but this update makes it more straightforward to justify your approach (and get on with the job of doing good). 

Donorfy already makes this simple

Here’s the best part: you don’t have to wait for the Data Use and Access Bill to become law to start working in this way. We’ve baked GDPR best practice into the heart of the platform since day one! 

Donorfy already supports legitimate interest as a lawful basis for email communications, so you can confidently manage supporter preferences and record legitimate interest as your legal basis. 

Stay ahead, stay compliant

The changes to GDPR through the DUA Bill are expected to become law this month. But with Donorfy, you’re already ahead of the curve. Here’s a quick video of how it’s done: 

If you're a Donorfy customer and need further guidance, our support team are always on hand to help. It's quick and painless to configure legitimate interest in Donorfy, just get in touch. 

Not a Donorfy customer yet? See how easy it is to manage donor relationships and compliance with a CRM built for charities. Start your free trial today.