Diversity and Inclusion has come a long way since it was first pioneered in the 1960s, and it is not hard to see why. When it is done right, a diverse workplace is good for businesses, and it is good for employees.

In today’s data privacy landscape, it is more important than ever for employers to get things right. Data privacy laws can seem intimidating on first viewing, but when it comes to diversity programmes, they can help give employers and employees peace of mind. All things considered, this Pride month, here are our top 10 tips for Diversity and Inclusion initiatives:

  1. Know your employees’ rights
    Be proactive about protecting your employees’ rights. Data collection initiatives amongst your employees must be paired with informed consent to participate as data subjects, and the option to withdraw consent at any point. In the EU, programmes handling this kind of sensitive information will usually need to carry out an impact assessment. This is great practice for any organisation, to identify and mitigate risks up front.
  1. Make sure your data security is up to scratch
    Speak to your IT team about how secure your data is. Some of your questions will be technical, such as how secure your servers are, or whether your firewall is up to date. Remember the personnel questions too: how precise are your access controls? Could any employee log in and see this data? Also remember that not all security practices start with IT. Think about how to protect the data as you collect it, whether that is through pseudonymisation, anonymisation, or other control techniques.
  1. Prioritise transparency
    For employees, deciding whether to disclose sensitive personal data to their employer can be a big decision. Being up front on how you plan to use the data is not just a courtesy; for businesses, subject to the GDPR, it is a requirement. This brings us onto…
  1. Be clear on what data you are collecting
    For GDPR compliance, you need to know what kinds of data processing you will be doing at the start of your project; you cannot collect all the data first, and then decide how to use it later. In general, you do not want to collect more data than you need. The more sensitive data you hold, the more exposure you risk to security incidents. In addition, you do not want to waste resources sifting through piles of information that you do not even need.
  1. Set goals
    Similarly, understand what your business wants to achieve through a D&I initiative. Are you targeting diversity on specific teams? Do you want to track the effectiveness of an outreach programme? Setting your goals will help clarify the data you need to collect.
  1. Make time for regular training
    Effective training is routine training. For diversity initiatives, implicit bias training has a big part to play in keeping your workplace safe for all your employees. At a managerial level, businesses should also be investing in privacy training. Employees who handle sensitive information should understand their responsibilities according to privacy laws, such as keeping data confidential and secure.
  1. Have anti-bullying policies in place
    “Hope for the best and prepare for the worst”. First of all, an anti-bullying policy demonstrates that your business is a safe place for employees to be themselves. Secondly, this is the kind of policy to implement well in advance of needing it. This ensures that everyone has had the opportunity to familiarise themselves with it and can help safeguard against bias if a dispute is raised.
  1. Invest in positive initiatives
    Do not forget about the “inclusion” part of Diversity and Inclusion! When it comes to meeting your goals, and inviting your workforce to participate, remember to highlight the positive outcomes of your D&I scheme. Do you have mentoring opportunities, or a charitable partner?
  1. Seek feedback
    There is always room to grow. Your workforce is at the heart of your D&I programme––their insight can be invaluable. You might consider establishing a D&I board or working group. In any case, give your employees the chance to share their thoughts. By doing so, you improve the likelihood of their renewed participation, and gain opportunities to fine tune your activities.
  1. Understand the importance of strong leadership
    With a lot of moving parts and (ideally) large participation numbers, you want somebody reliable in charge. This person will be there to prioritise your D&I goals, track where things are working, and course-correct where they are not. From a data privacy perspective, it is important to identify someone who can take ownership of these processes and the personal data they use. If you want your employees to trust you with their data, show them they are giving it to someone they can trust.

If you want to discuss this topic, or anything else data protection and privacy-related, please contact us at dpo@hewardmills.com.