The time has come again for all SRA-regulated firms to collate and submit their diversity data as part of the SRA reporting process.

SRA’s diversity reporting requirements

Firms will need to ask their staff to provide their diversity characteristics such as ethnicity, age, gender identity and educational background. This process is part of the SRA’s bi-annual collection of data from the firms it regulates. This data then feeds into an analysis and report by the SRA on diversity in the legal profession, and also the SRA’s law firm diversity tool (accessible here) which allows users to see the representation of various groups within partner, solicitor and other staff roles in law firms.

Firms will need to move quickly: the window for submitting the data to the SRA is opens shortly on 26 June 2023 and will close four weeks later on 23 July 2023.

What do firms need to do?

SRA-regulated firms need to submit their data to the SRA and in many cases will also need to publish it on their website.

Given the time-consuming nature of the process, and the many pitfalls which firms may encounter, it is important that all SRA-regulated firms take action as soon as possible. 

Failure to provide the necessary data to the SRA before the deadline could lead to enforcement action and potentially sanctions such as a rebuke or a fine.    

What has changed since 2021?

The format of the SRA’s template questionnaire is similar to that used in the last reporting round in 2021.  There has been a change to the solicitor partner category this year, in that SRA-regulated firms will need to report separately for full equity solicitor partners and salaried or partial equity solicitor partners. There has also been a slight change to the question on parental occupation to align with Social Mobility Commission guidance.   

Collecting the data

There are a number of points to consider when collecting the data for your firm:

The collection and compilation of the data can be outsourced, but firms should note that this also raises its own GDPR and regulatory issues.

  • GDPR: The collection of diversity information will involve the processing of additional employee personal data, including “special category” (i.e. sensitive) personal data such as ethnicity and disability characteristics.  As a result, there are a number of compliance issues that need to be addressed to ensure the data can be processed lawfully. We have summarised these below:
    • Lawful basis – firms should decide on the lawful basis upon which they will carry out the processing. Legitimate interests or compliance with a legal obligation could be relevant. If relying on legitimate interests, a “legitimate interests assessment” should be carried out. Generally, there are issues with relying on consent in an employment context and this should be avoided to the extent possible.
    • Art. 9 GDPR condition – as special category data will be processed, an Article 9 condition needs to be in place. Depending on the condition relied upon, it may be necessary to put in place an “appropriate policy document” under the Data Protection Act 2018.
    • Data Protection Impact Assessment (DPIA) – as the processing will likely involve collecting large amounts of special category data, firms should carry out a DPIA. This involves identifying the risks involved with the processing and the safeguards that can be put in place to mitigate those risks.
    • Transparency – staff privacy notices should be updated to include details of the purposes of the processing and lawful basis upon which it is based, as well the fact that data may be disclosed to the SRA, if this is not already in place.
    • Security – firms should put in place controls to ensure that only members of staff who need to access it are granted are given access.
    • Deletion protocol – firms should update their data deletion policy to account for this new collection of data.
    • “Anonymisation” – firms should not assume that just because no directly identifiable information (such as names and email addresses) are included in responses that this makes them “anonymous”. Care should therefore be taken if publishing results to make sure these cannot be used to identify specific employees.
  • Identifying whose data should be collected: Firms should take care to ensure that they request all employees to complete the questionnaire, including those on maternity leave or on sickness absence leave if they are in contact with the firm.  Secondees should also be included, but not employees who are usually based outside England & Wales.
  • Categorising each person’s role: Each member of staff will need to be categorised as one or more of a large number of categories such as solicitors, partners, legal executives, assistants, support staff, trainees and employed barristers.  If you feel it would be unclear for those in certain roles, you may wish to clarify which category those job titles will fall into.
  • Using the data for global diversity surveys: It is increasingly common for global firms to aggregate diversity data across all offices.  This will invariably require the transfer of personal data outside of the UK and potentially outside of Europe.  It is crucial that the recipient of the data has arrangements in place to comply with the GDPR and the Data Protection Act. 

Submitting the data to the SRA

The diversity information, once compiled, should be submitted to the SRA via the portal on its website.

Submitting the data to the SRA is a regulatory requirement under the Code of Conduct for Firms and the SRA may take enforcement action if firms fail to do so by the 23 July 2023 deadline.       

Publishing the data

SRA-regulated firms are expected to make their diversity data available to all employees and externally (subject to compliance with data protection legislation). The data may be published on the website, or placed on posters in break rooms, included in internal or external newsletters, bulletins etc.

The SRA expects most firms to publish their diversity data on an anonymised basis, but many firms (or their UK offices of larger firms) will be too small to ensure that the data is truly anonymous.  There is no need to make a formal application to the SRA to waive the publishing requirement if a decision is taken not to publish data for this reason, but it is important that the rationale for that decision is adequately recorded.

Next steps

Further information about the process can be found on the SRA’s website at: Fox Williams can also advise on the process.


Register for updates

Related sectors



Portfolio Close
Portfolio list
Title CV Email

Remove All