Navigating ESG regulatory changes: what you need to know

Brent Herman our consultant managing the role
Posting date: 16 August 2023

As you’ll be well aware, the field of sustainable investing and environmental, social and governance (ESG) factors has gained significant momentum in recent years. As businesses strive to align with ESG principles, it’s essential to understand the evolving regulatory landscape. In the EU, regulatory changes for ESG laws, which will include a specific focus on reporting and equality quotas and will be mandatory for many companies, are on the horizon. 


Although the exact details of these changes are not yet known, it’s crucial to start preparing for them. This article aims to provide an overview of what you need to know, what actions you should take, and how the partnership between Illoominus and Hanover can assist you in navigating these regulatory changes effectively.

Continue on to hear how the landscape is changing before our very eyes and open up our Leadership & Workplace Predictions for 2023 report for a more focused insight into how organisations are incorporating ESG into their agendas.

Understanding the ESG regulatory landscape

The regulatory environment surrounding ESG data usage can be complex, and it also differs from market to market. This complexity often leads to confusion regarding what data can and cannot be used.


When it comes to utilizing data for ESG purposes, organizations face several considerations, including data protection and compliance with the General Data Protection Regulation (GDPR). Many leaders are unsure about what they can do and where to start. However, it is crucial to recognize that regulatory changes are happening in 2024, and companies must be prepared. 


Even in the absence of specific details about these changes, there are a number of essential principles to keep in mind:

1. Compliance with GDPR and other country-specific rules

Most countries follow the rules set by GDPR, which serves as a fundamental practice for data protection. While there are exceptions in countries like France and Germany, where there are stricter rules, it is advisable for companies to adhere to GDPR as a baseline.


2. Seeking employee consent and ensuring clear data usage

To track and utilize data effectively, companies should obtain consent for usage from their employees. It’s also essential to clearly communicate how you’ll be using employee data and for what purposes.

3. Aggregate and anonymized data analysis

When analyzing data for ESG purposes, companies should focus on aggregate data rather than individual-specific information. You must remove any so-called ‘personally identifiable information’ (PII), so the data you use is anonymized. PII includes any data that directly identifies a person, whether that’s by their name, address, email, social security number, etc.


Illoominus, Hanover’s partner that specializes in HR data solutions, offers actionable insights and data to help businesses understand how they are tracking toward their people goals, like diversity, equity and inclusion efforts. They specialize in breaking down data at an aggregate level, enabling organizations to understand trends and identify problems from a holistic perspective.

Example: Using aggregate data to understand what drives results

Illoominus was able to help a large US Telco better understand what drives results by pulling multiple HR systems together to show key dimensions.


The customer’s challenge lay in having a lot of disparate data that couldn’t be analyzed well enough to provide meaningful insights. By bringing together data from across HR systems, Illoominus provided a full understanding of the employee journey across key dimensions like hiring, promotions and attrition rates. 


This aggregated data resulted in targeted initiatives to address priority areas, measurable results and learnings to support future strategy. Using these insights, Hanover could help the customer address equity and inclusion issues by revisiting company policies and de-biasing them, helping to create empowerment programmes and supporting initiatives that allowed everyone equal access to opportunities, such as promotions.

4. Data tracking and reporting

While some companies are already invested in ESG data tracking, many have yet to track and report on ESG-related metrics. However, the upcoming regulatory changes will require additional reporting within the EU. 


It’s crucial to get everything in place now, so you’re prepared for what these changes may bring. Illoominus, with its expertise in data analysis and reporting, can support companies in gathering and organizing the necessary data to comply with future reporting requirements. Getting on the front foot now will save a lot of time and pain in the long run, and mean that your business will be a lot more efficient and compliant when the changes are put in place.

5. Data security and storage

To protect data, companies should prioritize encrypting it during transfer and storage. Collaborating with IT teams can help ensure data remains secure and inaccessible to unauthorized parties, both when it’s stored and while it’s in transit.

6. Navigating local regulations

Navigating local regulations can be challenging due to nuances and variations across jurisdictions. It’s essential to cross-check practices against GDPR and consult legal experts to ensure that you’re compliant.

Change management and cross-company alignment

Implementing effective ESG and DE&I initiatives requires buy-in from leadership and strong change management processes. 


At Hanover, we specialize in supporting companies in incorporating data into their workforce planning, identifying improvement areas and making strategic decisions. We can help you foster cross-company alignment and ensure the successful integration of ESG and DE&I practices throughout your operations.

Example: Sharing accountability across department leaders at a fintech

Creating departmental reports or data access creates shared responsibility across leadership. Illoominus recently helped a rapid-growth fintech company build accountability across teams by disseminating aggregate data to key stakeholders.


Hanover could then use the insights this data provided to facilitate the creation of new incentive structures for progress across departments, along with the ability to both pilot and learn from new initiatives.

Taking action on ESG: How Illoominus and Hanover can help your organization

Illoominus and Hanover complement each other's strengths. Illoominus provides the data and insights that enable you to understand and progress towards your people goals, like diversity, equity and inclusion. 


Hanover can translate those insights into actionable DE&I strategies that address regulatory changes and align your business with emerging ESG laws. Hanover’s DE&I maturity levels provide a framework for understanding where you currently stand and how you can progress towards a high-performance DE&I culture.


As regulatory changes approach, it’s more crucial than ever to take proactive steps to prepare your organization. Only by establishing a solid foundation and leveraging data insights will you be able to navigate the evolving landscape successfully. 


If you want to find out how Illoominus and Hanover can provide your organization with the necessary tools and expertise to support you in gathering, analyzing and acting on DE&I data, contact Brent or Noelle today.


Disclaimer: This blog post is for informational purposes only and does not constitute legal advice. Please consult with your company's legal and IT teams for specific guidance on compliance with ESG laws and regulations.
