Profile information Account settings
Logout
Sign up Log in

Make your Free Employee Privacy Notice

See that you meet your legal obligation to inform staff about how you collect, use, retain and disclose their personal data. This document is GDPR compliant. Recently reviewed by Lauren Delin,... ... Read more

Make document

How It Works

Create your document

Create your document

Answer a few simple questions to make your document in minutes

Save, print & share

Save, print & share

Save progress and finish on any device; download & print anytime

Sign & make it legal

Sign & make it legal

Securely sign online and invite others to sign

How to Make an Employee Privacy Notice

  • Summary of an employee privacy notice

    See that you meet your legal obligation to inform staff about how you collect, use, retain and disclose their personal data.

    This document is GDPR compliant.

    Recently reviewed by Lauren Delin, Solicitor. 

    This employee privacy notice was last reviewed on 3 September 2021.

  • When should I use an employee privacy notice?

    Use this employee privacy notice:

    • if you employ staff and are based in England, Wales or Scotland

    • to inform staff about your use of their personal data

    • to help comply with your duty to protect the security of staff personal data

  • What's included in an employee privacy notice?

    This employee privacy notice covers:

    • employer details

    • the types of staff personal data collected by the employer

    • the purposes for processing the data 

    • the uses the employer makes of staff personal data

    • who has access to staff personal data

    • transfer of data outside of the UK or European Economic Area (EEA)

    • measures to protect the security of personal data

    • data retention periods

    • staff members’ rights relating to their personal data

  • What's an employee privacy notice?

    An employee privacy notice is a document that explains to staff the ‘what, how, where, why and when?’ regarding how a data controller (ie the employer) processes (eg collects and stores) staff personal data (eg contact details and medical information). In other words, an employee privacy notice is a statement detailing how employers collect, use, retain and disclose staff personal information.

    For more information, read Processing personal data.

  • Do I need an employee privacy notice?

    The UK General Data Protection Regulation (GDPR) and Data Protection Act 2018 (DPA) require employers to be transparent and open about the information they collect from staff. Employers should tell staff the types of data they might collect about them and what they do with it. An employee privacy notice can be used to do this.

    For more information, read Data protection and employees.

  • How do I implement an employee privacy notice?

    By creating an employee privacy notice and making sure it is readily available for staff, it will be incorporated into your business. It should be readily available to staff to provide them with an overview of the personal data collected, used, retained and disclosed by their employer.

    You can also include it in your employee handbook for staff to read.

  • How long can staff personal data be stored?

    The GDPR and DPA don’t set out minimum or maximum time limits for keeping staff data; however, employers should not keep personal data for longer than necessary. Therefore, staff personal data can generally be stored for the duration of employment. After employment ends, staff personal data should be retained for no longer than necessary, based on the individual circumstances of the situation.

    Data retention periods should be set out by the employer in internal policies (eg a data retention policy or Information security policy). Ask a lawyer if you do not have such a policy in place.

  • Can data be transferred outside of the UK or EEA?

    The transfer of personal data to recipients outside the UK (known as 'third country') is prohibited under the law on data protection unless certain safeguards are put in place. The international transfer of personal data may be permitted:

    • if the third country has an adequate level of data protection, as determined by the Information Commissioner's Office (ICO)

    • on the basis of standard data protection clauses approved by the UK

    For more information, read International transfers of personal data.

  • What rights do staff members have in relation to their personal data?

    Staff members have certain rights relating to personal data held about them, including:

    • the right to access their data and be informed about how their data is being processed

    • the right to have their data rectified if it's inaccurate or incomplete

    • the right to object to the processing

    • the right to have their data erased in certain circumstances

    For more information, read Data protection and privacy.

What are some other names for Employee Privacy Notice?

Privacy notice, Fair processing statement.

Related documents

Ask a lawyer

Get quick answers from lawyers, easily.
Characters remaining: 600
Rocket Lawyer On Call Solicitors

WHY ROCKET LAWYER?

Easy legal documents at your fingertips

Answer a few simple questions to make your document in minutes

Easily customisable
Make unlimited revisions and copies. Share and print anytime.
Legal and reliable
Our documents are vetted by lawyers and legal staff, so you can use them with confidence.
Sign online, anytime, anywhere
Get secure, digital signatures on any device in seconds.
Try Rocket Lawyer free for 7 days
Make your Premium document today and get back to doing what you love.

Looking for something else?