What is the difference between an employee privacy notice and a privacy policy?

A privacy policy is published on your website for customers. An employee privacy notice is given directly to your staff (and usually job applicants) explaining how you process their employment data — payroll, performance records, health information, disciplinary records, and so on. Both are required under UK GDPR.

When should I give employees a privacy notice?

The ICO recommends providing the notice at the point of data collection — ideally at the job application stage or on the first day of employment. You should also update and re-issue it whenever there is a significant change to how you process employee data.

Employee Privacy Notice Template for UK Businesses

Q: Does an employee privacy notice cover contractors and agency workers?

It should. If you process personal data about contractors, agency workers, or volunteers, you must provide them with equivalent privacy information. Your notice should either cover all worker categories or you should have separate notices for each.

UK GDPR requires you to tell your employees how you collect, use, and store their personal data — just as you do for customers. An employee privacy notice fulfils this obligation and protects your business from ICO enforcement.

Get Employee Privacy Notice — £15 Get all 6 documents — £39

Instant PDF & Word download · 14-day money-back guarantee

What is an employee privacy notice?

An employee privacy notice (sometimes called a staff privacy notice or HR privacy notice) is a document given to employees explaining how your business collects, uses, stores, and shares their personal data as part of the employment relationship.

It covers things like payroll data, performance records, attendance, disciplinary records, health information, and any monitoring you carry out. Employees are data subjects under UK GDPR and have exactly the same rights as customers — including the right to know how their data is being used.

What an employee privacy notice must cover

What personal data you collect about employees and why
The legal basis for each type of processing (contract, legal obligation, legitimate interests)
How long you retain employee records
Whether you share employee data with third parties (payroll providers, pension schemes, HMRC)
Employees' rights under UK GDPR (access, erasure, rectification, objection)
Any monitoring of devices, emails, or communications
How to make a subject access request or complaint

Get your employee privacy notice today

£15

Employee Privacy Notice only

Single document

Get this document

£39

6 core compliance documents

Essentials plan

Get all 6 documents

£69

10 docs incl. SAR procedure & breach response

Professional plan

Get all 10 documents

Common questions about employee privacy notices

Is an employee privacy notice a legal requirement?

Yes. Under Articles 13 and 14 of the UK GDPR, you must inform employees and job applicants about how you process their personal data. This is separate from your customer-facing privacy policy. Employees are data subjects with the same rights as customers.

Is it different from my customer privacy policy?

Yes — they are separate documents. Your customer privacy policy explains how you handle customer data. Your employee privacy notice explains how you handle staff data: payroll, performance records, health information, disciplinary records, and so on. Both are required under UK GDPR.

When should I give employees the notice?

The ICO recommends providing it at the point of data collection — ideally at the job application stage or on the first day of employment. Update and re-issue it whenever you make significant changes to how you process employee data.

Does it cover contractors and agency workers?

If you process personal data about contractors, agency workers, or volunteers, you must provide them with equivalent privacy information. Your notice should cover all worker categories, or you should have separate notices for each type of worker relationship.

All 14 UK compliance documents

Privacy Policy Data Protection Policy Data Retention Policy Health & Safety Policy Risk Assessment Employee Privacy Notice Cookie Policy CCTV Policy Data Breach Procedure SAR Procedure Acceptable Use Policy Social Media Policy Fire Safety Policy Lone Worker Policy