Direct marketing is defined as selling directly to the public as opposed to through retailers. This includes any solicitation of sales through text, email, by phone, post, or face-to-face.

You may think that as a church, you don’t engage in any direct marketing. However, the ICO advises that fundraising comes under this umbrella, as do newsletters which aim to promote the objectives of the church.

Fundraising, like any other form of data processing, needs to come under one of the six lawful bases defined by GDPR. The most obvious one that you may be able to demonstrate is legitimate interest; a full church member who regularly attends services can reasonably expect that they might receive communications about tithing, vision offerings or other fundraising activities.

So far so good. However, legitimate interest may not cover all the fundraising activities which you as a church may carry out. You will need explicit consent for fundraising if you cannot demonstrate that it is definitely a legitimate interest of the church, or if it is not something which the individual could reasonably expect as part of their relationship with the church. For example:

  • A church admin is running a marathon in aid of a non-Church charity and uses the church’s phone book to ask for sponsors
  • Alpha course attendees or first-time visitors to the church receive emails asking them to donate to a vision offering
  • A non-church member makes a donation and gives you their details for Gift Aid purposes; you then use these details to contact them about their spiritual life

You should also consider the upcoming Privacy and Electronic Communications Directive (or e-Privacy Directive), which contains further requirements. The e-Privacy Directive states that you must have explicit, opt-in consent to carry out electronic marketing, unless you can demonstrate that the details were obtained as part of a sale (or a donation) and the individual was given the chance to opt-out at that point. In this case you may continue to contact them so long as you give them the chance to opt-out each time,and they have not previously asked you not to contact them this way.

The same is also true for telephone fundraising, so long as you make sure you do not contravene the Telephone Preference Service, nor any individual’s contact preferences as set within the church.

For this reason, we recommend breaking your consent down, so that people can consent to your holding and processing their data for church purposes without consenting to fundraising, or vice versa. You should also ensure that every fundraising contact made electronically (i.e. by phone, email, text or similar) carries an option for the individual to opt-out.

You can read more about fundraising under GDPR here at the Institute of Fundraising website and here from the ICO.

You can read the draft text of the upcoming e-Privacy Directive here, and the ICO guide is here.

Terms and Conditions | Our Privacy Policy | Disclaimer