Workplace Privacy Policy​

What is a Workplace Privacy Policy?

A privacy policy in the workplace is a mandatory corporate internal procedure that outlines terms and conditions of processing employees’ personal information by the employer. This is one of the key corporate policies businesses operating in the UK should have.

A standard UK GDPR workplace policy includes types of personal information to be processed, purposes of processing such information, amendment of the policy, sharing of personal data with third parties, data protection officer and its contact details, etc.

This policy template aligns with best HR practices and the UK Data Protection Act 2018, as well as the retained EU GDPR Regulation 2016.

The document is suitable for small businesses, startups, family offices or big companies performing three business activities fully or partially across the UK.

Why do employers need a workplace privacy policy​?

Introduction of a solid and well-drafted employee privacy policy template within the organisation can be useful for the following reasons:

• to prevent personal data breaches and leakage;
• to add an additional layer of protection to employees’ sensitive data, such as health information, sexual orientation, etc.;
• to ensure transparency of collection of personal data and usage for employees;
• to set up mutual rights and obligations aimed to protect personal information;
• to ensure full compliance with the UK Data Protection Act 2018;
• to prevent misuse of personal information or its usage for illegal purposes;
• to define a clear network of people within the organisation responsible for data protection and breach prevention.

A workplace privacy policy​ is being used in conjunction with other corporate policies, including:

• Grievance Procedure. An employee may file a complaint with the employer or the Information Commissioner’s Office if the employee thinks the personal information is not being managed appropriately.
• Disciplinary Procedure. An employer may apply disciplinary measures to employees who do not comply with the provisions of the present policy.
• Workplace Code of Conduct. This document defines the main obligations of the employer and employee at the workplace.

Types of employee personal data covered by the policy

A standard privacy policy for employees template​ deals with the following types of personal information:

Sensitive Data

Sensitive personal information includes any information which relates to the following:

• your genetic information;
• your biometric information;
• your ethnic origin;
• your political opinions;
• your religious or philosophical beliefs;
• whether you belong to a trade union;
• your physical or mental health or condition;
• your sexual life.

Criminal Offence Information

Criminal offence information may include criminal records checks, convictions, cautions, warnings, administrative court hearings, etc. This type of personal information may be collected during the recruitment or employment procedures, for example, when hiring a school teacher, a lorry driver, etc.

Other Personal Information

In the course of employment procedure, as well as during the whole duration of the employment contract, employers may collect the following information about their employees and staff, including:

• name and date of birth;
• professional experience;
• level of education;
• qualifications;
• insurance and social security number;
• information about close family members, etc.

What should this workplace privacy policy template include?

This privacy policy for employees template​ must include the following:

Information about Employer

This is the introduction section for every privacy policy in the UK that outlines:

• full name and business registration number of the employer;
• list of purposes for which this policy is being implemented;
• date of implementation of this policy;
• full name and contact details of the person within the organisation responsible for implementation of this policy.

Types of Personal Information

The text of the employee privacy policy template should list all types of personal information collected from the employees. This information includes information collected in the process of recruitment, during employment, as well as after the termination of employment relations.

Apart from that, the policy should also define exact purposes for which information is being collected, for example:

• to enter employment contact;
• to perform legal obligations;
• to comply with effective laws, etc.

Source of Personal Information

The employer should inform employees of sources from which personal information is being collected, including:

• Third-Party Sources. It means that all or some types of personal information the employer obtains from third-party sources, for example, recruitment agencies used to seek potential candidates.
• Monitoring. It means that the employer uses certain CCTV tools, browsing history, email or log activity records and other tools to track and collect personal information from the employees.
• Employees. It means that some or all types of personal information are being received directly from employees.

Third-Party Sharing

This section is not mandatory for all UK employers and should be included in the text of the employee privacy policy template​ only when information is being shared with third parties. In such a case, the document should outline:

• full name of the third party;
• types of personal information that is being shared;
• purpose for which information is being shared;
• location of the third party.

How to customise this employee data privacy policy template​?

To get a fully customisable policy template with FasterDraft, follow a few easy steps:

1. Click the “Create Document” button.
2. Answer simple questions in the form.
3. Select a template’s format – PDF or Word,
4. Make a payment.

The document is ready for instant download immediately after the purchase.