Back to top
Employee Privacy Policy Fill out the template

Employee Privacy Policy

Last revision
Last revision 17/08/2020
Formats Word and PDF
Size 3 to 5 pages
Rating 4.4 - 18 votes
Fill out the template

About the template

Last revision: 17/08/2020

Size: 3 to 5 pages

Available formats: Word and PDF

Option: Help from a lawyer

Rating: 4.4 - 18 votes

Fill out the template

How does it work?

1. Choose this template

Start by clicking on "Fill out the template"

1 / Choose this template

2. Complete the document

Answer a few questions and your document is created automatically.

2 / Complete the document

3. Save - Print

Your document is ready! You will receive it in Word and PDF formats. You will be able to modify it.

3 / Save - Print

Optional legal consultation

You can choose to get help from a lawyer after filling out the document.

Optional legal consultation

Employee Privacy Policy

This document can be used as an employee privacy policy for an organisation based in the European Economic Area. It has been created to reflect the requirements of the General Data Protection Regulation ("GDPR") and sets out the employer's policies with regards to a number of key issues concerning personal information and privacy:

  • what information is collected
  • how that information is used
  • who that information may be shared with
  • collection of information and monitoring
  • non-EEA transfers
  • information security
  • employee rights

Please note that prior to completing the document, users should consider the lawful bases for their processing of personal information. The lawful bases for processing are set out in Article 6 of the GDPR. At least one of these must apply whenever an entity processes personal data:

(a) Consent: the individual has given clear consent to process their personal data for a specific purpose.

(b) Contract: the processing is necessary for a contract with the individual, or because they have asked the relevant entity to take specific steps before entering into a contract.

(c) Legal obligation: the processing is necessary for an entity to comply with the law (not including contractual obligations).

(d) Vital interests: the processing is necessary to protect someone's life.

(e) Public task: the processing is necessary for the relevant entity to perform a task in the public interest or for their official functions, and the task or function has a clear basis in law.

(f) Legitimate interests: the processing is necessary for an entity's legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual's personal data which overrides those legitimate interests. (This cannot apply if the entity is a public authority processing data to perform their official tasks.)

Further information can be found in the ICO's employment practices code.


How to use the document

In order for the privacy policy to be effective, the employee will have to actually be made aware of the policy. So firstly, it will need to be published or kept in a location where it can be accessed, and notified to employees.

However many employers will also refer to the privacy policy within their employment contract, such that the employee can be considered to be agreeing to the privacy policy.

If personal information will be transferred to non-EEA countries by the employer, entities will need to consider the safeguards surrounding such transfers and may need to use an EU commission approved model contract or EU commission approved corporate binding rules.


Any applicable law

General Data Protection Regulation

Equality Act 2010


Help from a lawyer

You can choose to consult a lawyer if you need help.

The lawyer can answer your questions or help you through the process. You will be offered this option when you complete the document.


How to modify the template

You fill out a form. The document is created before your eyes as you respond to the questions.

At the end, you receive it in Word and PDF formats. You can modify it and reuse it.

Fill out the template