Employees are data subjects, and employers process substantial amounts of their personal data, often more than they realise. The employee privacy notice is how an employer meets the transparency obligation under Articles 13 and 14 of the UK GDPR in the employment relationship.
What an employee privacy notice has to cover
The notice needs to address: what personal data is collected; from whom; why (lawful bases will typically include contract, legitimate interests, and legal obligation, with consent in narrow circumstances); who it is shared with (payroll, benefits providers, recruiters, regulators); how long it is retained; and what rights employees have over it.
The notice is often issued at recruitment and refreshed when material changes occur. Generic templates regularly miss the specifics that the GDPR requires, particularly around special category data, monitoring, and international transfers.
Every employer that processes employee personal data is legally required to provide a privacy notice under UK GDPR.
Example: a typical scope and fixed fee
For a UK employer providing a privacy notice to its employees, the typical scope looks like this.
What's included
- A consultation to understand what employee data you collect and how you use it
- Drafting of an employee privacy notice covering data categories, lawful bases, retention, rights, and any monitoring or automated decision-making
- One round of revisions based on your feedback
- Final version ready to issue to employees
What's outside this scope
- Applicant/candidate privacy notice
- Data protection impact assessments
- Tax advice
Fixed fee: £350, no VAT.
How I will approach your matter
Once you have instructed me, I will take the time to understand what employee data you collect and how you use it, then draft a tailored notice that is clear, compliant, and ready to issue to your employees.
To instruct me, or to talk through whether this is the right service for your matter, email geoffrey@caesar.co.uk. I aim to reply within 24 hours.