Dashboard
Dashboard Make a document Ask a lawyer Get guidance Home
Account
Profile information Account settings
Logout
Help
Help Contact us
Explore
Make documents Ask a lawyer Get guidance About us
Account
Sign up Log in
Help
Help Contact us
Make documents
Easily make legal documents
See all documents
Popular business documents
Popular employment documents
Popular property documents
Popular family documents
Terms and conditions Privacy policy Non disclosure agreement Shareholders' agreement
Employment contract Health and safety policy Settlement agreement Consultancy agreement
Tenancy agreement Lodger agreement Eviction notice Declaration of trust
Affidavit Prenuptial agreement Last will and testament Power of attorney
Ask a lawyer
Get quick legal advice from a lawyer
Ask your question
Popular legal topics
Bespoke legal drafting Start a business Startup legal help Run an online business
Hire employees Manage employees Discipline employees Dismiss employees
Rent residential property Rent commercial property Manage rented property Tenant eviction service
Get divorced Apply for probate IR35 status determination advice Settlement agreement advice
Get guidance
Get reliable legal guidance
Read legal guides
Popular business guides
Popular employment guides
Popular property guides
Popular family guides
Make terms and conditions Run a private limited company Types of shares Ending a contract
Overpayment of wages Notice periods Summary dismissal Implied employment terms
Declaration of trusts Legal interests in property Section 21 notices Security of tenure
Affidavits Executing a will Changing your name Getting married
About us
Learn more about Rocket Lawyer
Contact us
Get more information
Pricing
Help
About us
Careers

MAKE YOUR FREE Employee privacy notice

MAKE YOUR FREE Employee privacy notice

  • Make your document in minutes
  • Access from any device
  • Securely sign online
Make document
Employee privacy notice

How to make an Employee privacy notice

See that you meet your legal obligation to inform staff about how you collect, use, retain and disclose their personal data.

This document is GDPR compliant.

Use this employee privacy notice:

  • if you employ staff and are based in England, Wales or Scotland

  • to inform staff about your use of their personal data

  • to help comply with your duty to protect the security of staff personal data

This employee privacy notice covers:

  • employer details

  • the types of staff personal data collected by the employer

  • the purposes for processing the data 

  • the uses the employer makes of staff personal data

  • who has access to staff personal data

  • transfer of data outside of the UK or European Economic Area (EEA)

  • measures to protect the security of personal data

  • data retention periods

  • staff members’ rights relating to their personal data

An employee privacy notice is a document that explains to staff the ‘what, how, where, why and when?’ regarding how a data controller (ie the employer) processes (eg collects and stores) staff personal data (eg contact details and medical information). In other words, an employee privacy notice is a statement detailing how employers collect, use, retain and disclose staff personal information.

For more information, read Processing personal data.

The UK General Data Protection Regulation (GDPR) and Data Protection Act 2018 (DPA) require employers to be transparent and open about the information they collect from staff. Employers should tell staff the types of data they might collect about them and what they do with it. An employee privacy notice can be used to do this.

For more information, read Data protection and employees.

By creating an employee privacy notice and making sure it is readily available for staff, it will be incorporated into your business. It should be readily available to staff to provide them with an overview of the personal data collected, used, retained and disclosed by their employer.

You can also include it in your employee handbook for staff to read.

The GDPR and DPA don’t set out minimum or maximum time limits for keeping staff data; however, employers should not keep personal data for longer than necessary. Therefore, staff personal data can generally be stored for the duration of employment. After employment ends, staff personal data should be retained for no longer than necessary, based on the individual circumstances of the situation.

Data retention periods should be set out by the employer in internal policies (eg a data retention policy or information security policy). Ask a lawyer if you do not have such a policy in place.

The transfer of personal data to recipients outside the UK (known as 'third country') is prohibited under the law on data protection unless certain safeguards are put in place. The international transfer of personal data may be permitted:

  • if the third country has an adequate level of data protection, as determined by the Information Commissioner's Office (ICO)

  • on the basis of standard data protection clauses approved by the UK

For more information, read International transfers of personal data.

Staff members have certain rights relating to personal data held about them, including:

  • the right to access their data and be informed about how their data is being processed

  • the right to have their data rectified if it's inaccurate or incomplete

  • the right to object to the processing

  • the right to have their data erased in certain circumstances

For more information, read Data protection and privacy.

Ask a lawyer for:

  • advice on the use of covert monitoring in the workplace

  • issues where employer's use of staff data may infringe their right to privacy or relates to information about what they do outside work

  • changing an existing employee privacy notice

This employee privacy notice is governed by the law of England and Wales or the law of Scotland.

Other names for Employee privacy notice

Privacy notice, Fair processing statement.

Follow us

We use cookies to provide the best experience