SRA Diversity Survey 2023 – What You Need to Know

Updated 1 June 2023

The Solicitors Regulation Authority (SRA) has announced that its mandatory diversity survey will be due in the summer of 2023. The SRA will open the survey on 26 June when they will email firms with a link for reporting.

The SRA has given a reporting period of four weeks – the deadline is 23 July 2023. Firms should have received an email on 18 May with information on reporting.

Which size firms are required to report diversity data?

All firms, of any size, even sole practitioners will have to collect and report the data to the SRA. However, in-house lawyers will not need to report.

How do firms collect the SRA’s diversity data?

In order to make this mandatory report to the SRA, firms will need to collect diversity data, based on a questionnaire, from all staff. The firms will then have to collate the data and organise it by specific job roles before submitting it to the SRA.

You can use the SRA’s Word version of the questionnaire or VinciWork’s SRA diversity survey data collection tool.

Who is responsible for collecting diversity survey data?

The entity responsible for collecting diversity survey data within your organization is the Compliance Officer for Legal Practice (COLP), who is responsible for ensuring compliance with all SRA diversity requirements. It is possible to delegate or outsource this responsibility if necessary.

When does the SRA Diversity Survey need to be completed in 2023?

As for the deadline for completing the SRA Diversity Survey, the question set for the 2023 survey has already been released, but the submission portal has not yet been announced. However, it is anticipated that the submission window will be open between July and August of 2023. Therefore, it is recommended to begin collecting diversity data as soon as possible.

Who needs to complete the SRA Diversity Survey?

The individuals who are required to complete the Diversity Survey include all members of your firm, with an opportunity provided to each individual to participate in the survey. While you may encourage them to complete the survey, it is not possible to compel them to do so.

This encompasses all full-time and part-time staff, including those on extended leaves, such as maternity or long-term sick leave, and all temporary employees, such as consultants who have been contracted to the firm for over three months.

However, it is not necessary to include any third-party entities or individuals who have been outsourced work, other external experts who have been engaged by the firm, or anyone who is typically located outside of the UK.

What information needs to be collected?

The SRA requires that firms report the following aggregate diversity data:

  • Employee role
  • Age
  • Employee sex and whether their gender identity is the same as the sex registered at birth
  • Information on any health issues or disabilities
  • Ethnicity and religion
  • Sexual orientation
  • Socio-economic background
  • Childcare and other caring responsibilities
  • Whether someone has a disability and whether they have any conditions which limit their ability to carry out day to day activities

What are the role categories?

The data must be collated and reported by role categories. Each member of staff must be put into one of the following categories:

  • Full equity solicitor partner
  • Salaried or partial equity solicitor partners
  • Solicitor (not partner)
  • Other fee earning role
  • Role directly supporting a fee earner
  • Managerial role
  • IT/HR/other corporate services role
  • Barrister
  • Chartered Legal Executive (Fellow)/CILEx Practitioner
  • Licensed Conveyancer
  • Patent or Trade Mark Attorney
  • Costs Lawyer
  • Notary
  • Prefer not to say

What are the data protection requirements for the SRA diversity survey?

This collection process must be done in compliance with data protection law, to ensure that it is collected, stored and processed safely.

You can opt to collect the data anonymously, but the SRA recommends that you link the data to an individual by reference to a confidential ID number.

How does the SRA use the data from the diversity survey?

The SRA uses the data primarily to update its law firm diversity tool, to inform policy and promote diversity in the profession.

It also has reporting requirements to the Legal Services Board and the Ministry of Justice.

Who should you collect data from for the SRA diversity survey?

Everyone that works at the firm (not just solicitors). This includes:

  • Full-time and part-time staff
  • Staff on maternity leave or sick leave
  • Temporary staff and consultants working at the firm for more than three months

You do not need to collect data from contractors, barristers, experts engaged on individual matters or staff that are based outside of England and Wales.

Is it required to publish your firm’s diversity data on your website?

Publishing your firm’s diversity data on your website is not a mandatory requirement. However, it is necessary to make the data available both internally to staff and externally. The most common way to achieve this is by publishing the data on the firm’s website.

SRA diversity survey collection tool

Although you can use the Word document provided by the SRA, this will require considerable administrative work.

You will need to:

  • Send the survey out to all staff
  • Collect responses in a confidential manner that encourages staff that their data is secure
  • Maintain compliance with data protection laws when processing the data
  • Collate the data by job role
  • Track response rate
  • Submit data to the SRA

VinciWorks’ SRA diversity survey collection tool can help streamline this process and enable you to collect, process, collate and submit the data in a straightforward and secure manner.

SRA diversity survey - Screenshot dashboard
With Omnitrack, you can create graphical reports in seconds

Contact us for more information.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.