Email marketing always needs consent – right?

Well, actually no.

This topic has come up with two clients in very recent times, and will form part of a ‘Data Protection for fundraisers’ free webinar later in the Autumn (TinoPai members can see the dates and register using the link and non-members can register for free using the same link).

Since 2003 and PECR, the regulations have stated that you must have consent in order to send marketing messages to individuals by email or SMS. The only change that UK GDPR made was to define valid consent to be ‘opt in’ whereas pre May 2018 ‘opt out’ was allowed.

However, they may be times when consent is not needed, providing you have chosen and can justify another lawful basis for processing.

It’s not always straightforward, but situations may include:

  • Emails to corporate subscribers
  • If you can justify using ‘Soft Optin’ (normally not an option for non-profits, but this may change in the upcoming Data Protection and Digital Information Bill)
  • Emails which are not defined as marketing, and examples might include purely service or transactional emails

This is one of the most misunderstood areas of data protection, and so I hope that you are very clear about your situation. If not, then I recommend that you sign up for the webinar mentioned above, but since that is not until October, you also enquire about our popular Data Protection Review which highlights any areas that need addressing, and offers a prioritised action plan. You can contact us in the normal ways, use the contact form at or book a free 20-minute insight call at