Staff Privacy Policy

A Staff Privacy Policy is a document that outlines the guidelines and rules governing the privacy of staff members within an organisation. This policy typically addresses how employee personal information is collected, stored, and used, as well as the measures taken to protect this data. Attaching the Staff Privacy Policy to staff contracts is a common practice to ensure that all employees are aware of and agree to the privacy policies and practices of the organisation. It serves as a legally binding agreement between the employer and the employee, emphasising the importance of data privacy and security for both parties.


In doing business, the firm captures and shares personal data of its staff and independent collaborators. GDPR requires the firm to inform its staff of the data it processes and shares, as well as the rights staff have under the GDPR.


  1. We advise you to go through your GDPRWise Staff and Third Party dossiers. Confirm that they accurately reflect how you process and share your staff’s data. If you are using a service provider to assist with wage and benefit processing, make sure that third party is captured in your Third Party dossier. Additionally, you might want to ask that third party to confirm your staff dossier is complete.
  2. When ready, download your staff privacy policy from the GDPR Documents page in the format you prefer.
  3. Confirm with your staff that you now have a privacy policy in place, and have them accept or comment on it.
  4. Going forward, attach the staff privacy policy as an addendum to your staff contracts so your staff are informed of the personal data you process as well as their rights.

For more information on how to get started on GDPR, consult our knowledge base.

You are also welcome to try our Free GDPR Policy checker to check whether your policy is compliant.