A New Era for Data Use and Access in the Charity Sector

Making Sense of the Data Use and Access Act

The Data Use and Access Act 2025 is the UK’s latest move to strengthen and modernise how organisations handle data. For charities and non-profits, who often work with donor information, beneficiary data, volunteer details, and internal systems, this shift can feel overwhelming. But it doesn’t have to be.

At CLEA Technology, we support charities every day with IT systems, data security, and digital confidence. This guide explains the Act in plain English, helping you understand what’s changing, why it matters, and how your organisation can prepare.

What Is the Data Use and Access Act 2025?

The Act builds on existing UK GDPR rules, clarifying how organisations should collect, store, and access personal data. Rather than replacing GDPR, it reinforces key principles and introduces clearer expectations around transparency, lawful access to data, and the safe use of digital tools.

For charities, the focus is simple: use data responsibly, store it securely, and be transparent about how it supports your mission.

Why the Act Matters to Charities & Non-Profits

Charities frequently handle highly sensitive information. This might include personal stories from service users, donation records, details shared in confidence, or safeguarding information. The Data Use and Access Act strengthens the expectation that this information is treated with care and clarity.

One of the biggest changes is around transparency. Supporters and service users should be able to understand, without jargon, what data you collect and why. Clear communication builds trust, and trust strengthens your fundraising efforts and community relationships.

Another important shift is accountability. Boards, trustees, managers, and senior leaders are expected to take an active role in overseeing how data is used. This includes reviewing IT policies, checking who has access to what information, and ensuring internal processes keep pace with modern digital systems. The Act reinforces the idea that data governance is not “an IT issue” but an organisational responsibility.

The third key area is digital safety. Charities rely on CRMs, email services, case management systems, cloud storage, and shared drives every single day. The Act highlights the importance of making sure these tools are configured securely, staff understand how to use them safely, and outdated accounts or permissions do not linger. Secure systems reduce risk, protect beneficiaries, and keep the organisation compliant.

How It Connects to GDPR for Charities

Many organisations ask whether this replaces GDPR. It doesn’t. Instead, the new legislation supports and strengthens existing GDPR for charities by giving clearer guidance on how to apply key principles in real-world situations: using only the data you need, ensuring its accuracy, storing it for an appropriate amount of time, and protecting it from misuse.

If your organisation already takes GDPR seriously, you’re already on the right track. The Act simply raises expectations around clarity, access, and accountability — and gives charities a modernised framework to work within.

The Key Changes You Should Know About

One of the biggest updates relates to lawful access. The Act clarifies who is permitted to access personal data and under what circumstances. For charities, this means thinking carefully about staff roles, volunteer responsibilities, and how access rights are assigned within your IT systems. Old login accounts, shared passwords, or “everyone has access just in case” approaches will no longer be acceptable.

There is also a renewed emphasis on proportionate data use. Charities are encouraged to collect only the information they genuinely need to deliver a service or manage a fundraising activity. This reduces risk, improves transparency, and helps supporters feel more confident about sharing their details.

Another change relates to data sharing. Many charities collaborate with local authorities, delivery partners, healthcare teams, and corporate supporters. The Act doesn’t prevent you from sharing data when necessary, instead, it provides clearer guidance on when it is appropriate and what safeguards should be in place. Documenting your decisions and ensuring the right IT systems support secure sharing will be essential.

Finally, the Act supports the use of responsible technology, including AI, automation, and digital tools. These tools can make charity operations far more efficient, but they must be used ethically and safely. This is an opportunity for charities to innovate while making sure the right systems and cyber protections are in place.

What About Fundraising and the Soft Opt-In?

Recent clarification on the soft opt-in is good news for charity fundraisers. If someone has previously engaged with your organisation, for example by making a donation or signing up for an event, you may be able to send them relevant email updates without requiring a fresh opt-in each time. The Data Use and Access framework complements this by encouraging clear communication about how supporter data is used and offering simple ways for people to opt out. Better clarity means more confident fundraising.

How Charities Can Prepare Without Overwhelm

The most effective way to prepare for the Act is to take an honest look at how your organisation uses data today. Updating your privacy policy, reviewing how your teams store information, and ensuring your staff understand best practice will all go a long way.

It’s also helpful to review your digital tools. Are they secure? Are permissions set correctly? Are outdated accounts still active? These small checks make a big difference, especially as cyber threats continue to rise.

For many charities, IT feels like an additional challenge. That’s where CLEA Technology offers support providing secure IT systems, improving access controls, delivering cyber essentials training, and helping teams feel more confident about data security.

Conclusion: A Chance to Strengthen Trust and Modernise Your Systems

The Data Use and Access Act 2025 is a positive step forward for the charity sector. It encourages clearer communication, safer systems, stronger accountability, and more responsible use of data — all of which build trust with donors, beneficiaries, and the wider community.

With the right processes and IT support in place, adapting to the new requirements doesn’t have to be complicated. It’s an opportunity to modernise, protect your organisation, and show the people you support that their information is handled with care and integrity.

If you’d like help reviewing your systems or preparing your team for the changes, CLEA Technology is here to support you every step of the way.

CLEA works with small UK charities and nonprofits to improve their digital resilience through IT support.