The latest post in our blog series looking at the UK Financial Conduct Authority and Prudential Regulation Authority proposals to improve diversity and inclusion (D&I) in the financial services industry focusses on data protection considerations. Firms will need to give careful thought to their data protection obligations when considering their approach to the D&I data collection, reporting and disclosure requirements contained within the regulators’ proposals.

The regulators’ proposals on improving D&I in the financial services sector are far-reaching, and emphasise the importance of data in setting objectives, measuring progress, and comparing against benchmarks. The obligations on particular firms will vary depending on their size, but all firms caught by the proposals will need to ensure that their approach to meeting the new requirements – if they are implemented – is lawful. We consider here the mandatory and voluntary data that the regulators are proposing firms should collect and report, and the key data protection considerations they will need to have in mind when doing so.

The next post in this series will consider the practical steps firms can take to design and implement an inclusive culture.