Charity Insurance | Social Enterprises | Voluntary Organisations | Community Groups

Voluntary Groups and Exemption from ICO Registration

Non profit groups are often responsible for holding data on their service users and volunteers and in many cases, the data they hold would be classed as sensitive by the Information Commissioners Office.  This is particularly true of groups whose purpose revolves around a medical condition.

For many years, the Information Commissioner did not focus on the third sector and fines for a charity were unheard of.  However, in the last 5 years, this landscape has changed with six figure fines being issued to some charities and others making undertakings to improve systems and training or having an enforcement made on them by the data regulator.

One question we have heard from clients in the third sector is whether they need to register with the ICO in the first place.

There are some exemptions in place for ‘not-for-profit’ groups.  Typically groups that fit the criteria are small community groups, small sports clubs and a small number of registered charities.

To see if your group fits the exemption criteria, it is wise to get professional legal advice.  This is because the criteria are not very broad.  As an example of the intricacy of the guidelines for exemption, if you handle the data for the same individual service users on an ongoing basis, this is generally OK.  However, dealing with data for more ad hoc service users will not meet the criteria, even if the volume of data is small.

Even if your group is exempt from registration, it is still important to comply with the eight data principles designed to ensure good practice with all handlers of data.

You might also want to consider whether your charity has a need for cyber insurance which can offer some protections in this space.