The charity’s accounts and trustees’ annual report are published in full on the Commission’s website. In completing the AR18 Service, your charity will be processing personal data and in some instances personal data which is special category personal data. This personal data may be processed in response to the question set in the AR 18 Service or it may be included in the accounts and trustees’ annual report. Some personal data is required to be included by SORP but other personal data may be included because it is relevant to the charity’s financial performance or governance such as the names and other personal data about trustees, employees, donors, volunteers and beneficiaries.
The charity as the data controller is responsible for ensuring that its response in the AR18 service and the accounts and trustees’ annual report meet its obligations under the General Data Protection Regulations 2016 and the Data Protection Act 2018 for all the personal data processed. You will need to take particular care if you are including personal data about children, adults at risk, special category personal data or your charity’s trustees have a dispensation from including their name in the accounts.
For advice and guidance about what is personal data, what is processing and complying with data protection laws, please see the Information Commissioners’ website