What policies do you need?

In the UK, businesses are legally required to have certain policies and procedures in place. The specific policies that a business needs to have can depend on factors such as its size, the sector it operates in, and the activities it undertakes. Below we have listed some of the key policies that you are likely to need to have in place, or be preparing to develop.

Health and safety policy

Every business, regardless of its size, must have a health and safety policy. This policy outlines the company’s commitment to providing a safe and healthy working environment for employees, as well as visitors. It should identify hazards, specify safety procedures, and describe the responsibilities of employees and management. The Health and Safety Executive has a full guide on writing a Health and Safety Policy.

Equal opportunities and anti-discrimination policy

To promote fairness and prevent discrimination, businesses are legally required to have an equal opportunities and anti-discrimination policy. This policy should outline the company’s commitment to diversity and inclusion and provide guidance on preventing discrimination based on factors such as gender, race, age, disability, religion, and sexual orientation. ACAS provide a template to help you get started.

Data Protection (including GDPR compliance)

If your business processes personal data, you must have a data protection policy and comply with the Data Protection Act, which incorporates the General Data Protection Regulation (GDPR). This policy should explain how you handle personal data, the rights of data subjects, and your data protection procedures. The Information Commissioner’s Office (ICO) has guidance on the principles and what they mean in practice.

Whistleblowing policy

A whistleblowing policy is required for businesses with 50 or more employees. It provides a framework for employees to report concerns about wrongdoing within the company while protecting them from retaliation. The Government has provided guidance on creating a whistleblowing policy and related issues.

Environmental policies

Depending on the nature of your business, you may be required to have environmental policies in place to address issues like waste management, energy efficiency, and pollution control. A broad guide to writing an environmental policy is available from NI Business Info.

Anti-bribery and corruption policy

Businesses may wish to establish an anti-bribery and corruption policy to comply with the UK Bribery Act 2010. This policy outlines the company’s stance on preventing bribery and corruption and may include procedures for reporting and addressing potential violations. Although it is not a legal requirement to have a bribery policy for your business, it can be useful to refer to in defence if bribery takes place within the business. The Government has a guidance document for commercial organisations about putting anti-bribery provisions in place.

Privacy and cookie policies

If your business operates a website or processes online data, you must have privacy and cookie policies that comply with data protection and privacy regulations. Openli provides a comprehensive overview of the requirements and how to implement it on your site.

Fire Safety Policy

Businesses are legally required to have a fire safety policy and conduct regular fire risk assessments. These policies help protect employees and visitors in case of fire. The Government has guidance available for those with legal responsibilities (such as business owners).

Please note that this list is not exhaustive, and the specific policies your business needs may vary depending on its size and the sector you operate in. You may wish to consult with legal and compliance experts to check your business is currently compliant. Be aware that regulations and legal requirements may change over time, so it’s important to stay informed and update your policies as needed.

Learn more

Find out about getting HR support as a small business

Read further guidance on organisational governance