Today’s been dubbed #GDPR day by many who have spent the last two years poring over privacy notices, data protection statements and consent wording across the industry within UK. As a membership organisation, no doubt this would’ve taken up a huge chunk of time; time away from building meaningful relationships with your members, and developing your membership strategy.

Or so you thought.

The key to successful engagement with members around GDPR, I found, as a member of several organisations myself, was in understanding the relationship that the members have with the organisation. Where members have a weak level of interaction with the organisation (which primarily broadcasts information), it is not unexpected that you hear very little from your members, as they are consumers rather than contributors as such.

Similarly if you only send one or two emails a year to the members in total, it is unreasonable, and unnecessary, to collect ‘consent’ every 6 months.

Talking of the c-word, it has been a wide misconception that consent is a requirement of GDPR. As a membership organisation, your likely lawful basis for processing information would be legitimate interest, broadly speaking, for most communication, with a caveat that you weren’t sending them ‘marketing’ emails that, had you been on the receiving end of it, would’ve thought: spam! Giving members the option to opt out, or unsubscribe from emails are important, and a requirement as per PECR (which is soon due to be revised as ePrivacy), regulations surrounding direct marketing via email, and has been in effect for a number of years now. Just like the concept of consent as a lawful basis under the now obsolete Data Protection Act. However, at the heart of it all is what your members would reasonably expect to receive from you as part of their membership subscription (and what doesn’t fit that bill). This, then dictates what should be processing under legitimate interests, and not. Because surely if your members are paying to renew subscription to receive everything that is sent as part of the membership, then consent wouldn’t even begin to apply here. If you sending emails which don’t match your membership offerings, then you should ask yourself whether these things should be happening at all in the first place.

I received an email yesterday from a mailing list I signed up to 5 months ago, called Creative Multilingualism. It was titled ‘thank you for your support’, which, among the GDPR barrage of emails in my inbox, I opened with a sigh of relief. They understood, that the fact that I signed up to that mailing list because I consented to receiving their emails (that are relevant to their mission).

What is the message you want to send to your supporters?

Thank you for your support

Thank you for supporting Creative Multilingualism by subscribing to our newsletter.

Please note that we will only send you information and events relevant to Creative Multilingualism. Your email address is stored on a secure MailChimp server. We will never share your email address with anyone outside the Creative Multilingualism team, and you may unsubscribe at any time.

We have recently updated our Privacy Policy and Cookie Policy, you can access the latest versions on our website.

Many thanks,
The Creative Multilingualism team

Let common sense prevail, the information commissioner officer said on Radio 4 that they would be examining cases which would not meet the data owner’s expectations. If data is used in the way the data owner would reasonably expect, the common-sense approach then it is not likely that any action would be taken.

If you have any good or bad examples why not let us know by sending an email to

GDPRMembership ManagementSatoriMM