Happened to be having an off the record chat to one of a legal bods and they reckon it would be classed as “soft opt in” and would be covered if supplying an “opt out” or unsubscribe option on each communication. I’m not paying for the official interpretation though, sorry.
Having attended some GDPR implementation workshops, one of the things GDPR was introduced to stop was implicit opt ins, which is why websites have had to stop the trick they used to do of having various opt in/out tick boxes that used slightly different language to convey meaning. So for example you might see 3 tick boxes that would say "I agree for my information to be used for..." and one tucked away amongst them that says "I do not agree for my information to be used for..." meaning to fully opt out the consumer/client would have to thoroughly read the questions and tick some but not others. People being people, they'd read the first couple and then tick all the boxes, thereby giving the organisation their consent without realising it. That's not allowed now, every opt in has to be a positive choice.
That said, organisations
are allowed to contact customers without specific consent if the customer might reasonably expect them to do so in relation to the service they are being provided with. In the case of my company, that means we are allowed to email a customer with order updates without an active consent (because why else would they give it to us) but we aren't allowed to market further things to them in the future. (EDIT: I should probably add we do still have to get a generic piece of consent about us acting as a data controller, but if the customer won't agree to that we won't accept their order in the first place)
We also have an ongoing debate with our legal advisors (a large, reputable firm who specialise in GDPR) about what to do about our marketing database. It stretches back years and predates GDPR consent but is very large and we're reluctant to write it off as a resource. We aren't allowed to email them to ask them to opt in, but it's possible we can send them a letter and ask them to do so. It's against the spirit of GDPR but possibly not against the letter of the law, but despite months of discussion even they can't give us a definitive answer, so it's a really murky area.
In terms of the Trust, if you're a
member of an organisation, particularly one you had paid to join, would you reasonably expect them to contact you about your permission for them to keep contacting you? My personal opinion is yes, you probably would, but I wouldn't want to make a call on that one way or the other without legal advice!