New rules on how charities submit their financial information and process personal data will be introduced next year
The Annual Return 2018
In September 2017 the Charity Commission launched a consultation about changes to the Annual Return for financial years starting on or after 1 January 2018 (AR18).
Depending on the size of the charity there are varying levels of reporting:
- All but the smallest of charities (those with an income of less than £10,000) must submit an Annual Return to the Charity Commission within ten months of the end of their financial year.
- Charities with an income exceeding £25,000 must submit a set of annual accounts as well as an independent examiner’s or audit report, and a trustees’ annual report, with their annual return.
- All Charitable Incorporated Organisations (CIOs) must submit an annual return and annual accounts. If a CIO has an income of more than £25,000, it must also submit an independent examiner’s or audit report, and a trustees’ annual report, alongside its annual return.
The consultation came in response to growing public interest in charities, particularly around salaries and overseas operations.
The Charity Commission have developed a new online system which aims to make the 2018 Annual Return easier and quicker for charities to complete. Smaller charities with simpler operating structures will have to answer fewer questions than larger, more complex organisations. Further, if a charity’s details remain up-to-date, they will simply need to confirm their accuracy rather than re-enter the same information.
The Commission is proposing to introduce a number of new questions in the AR18, including a section on executive pay, and the inclusion of a requirement, as proposed by the Home Secretary Amber Rudd, that charities provide details of the amount and source of funding they receive from overseas.
Other questions include how many central or local government contracts a charity has received, and what the value is; how much Gift Aid they have claimed; what methods of money transfer they use; and if the charity has a trading subsidiary.
Tips for filing your annual return:
Check out gov.uk/send-charity-annual-return for advice on how to submit your 2017 annual return.
Before you start, you'll need:
- Your charity's online services password
- Your registered charity number
- Registration numbers for any linked charities (if applicable)
Don't leave it to the last minute - failure to file on time is against the law.
Use the Charity Commission's online services to file your annual information - attempts to file by letter or email will not be processed and your charity's online register entry will be marked as overdue.
If you have all the information you need, completing your annual return should only take about 20 minutes - so get online, and file on time this January.
In May 2018 the European Union General Data Protection Regulation will come into force, introducing a new set of rules for organisations to process personal data. The regulations will apply across the board for campaigning, marketing, managing volunteers and recording information about service users.
All charities and businesses are required to comply. Start by arranging an audit of what personal data you hold, where it came from, and who you share it with, to get a sense of what you’ll need to do next.
It is also important that organisations train volunteers in data protection, the same way as they would employees.
Responsibility for privacy protection will not solely lie with the organisation or charity controlling the data, so it is worth reviewing your contracts with any third party processors. Also, make sure your systems are user friendly, so that users can access their own personal data at any time.
Finally, beware of data breaches - under the new regulations, the Information Commissioner’s Office has the right to impose increased fines and penalties.
Tips for GDPR:
- Decide what data to keep and what you need to destroy
- Set a budget for a Data Protection Officer and oversee the appointment
- Begin staff training to meet the requirements of the GDPR and to avoid data breaches