Alex is Sprintlaw’s co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
Contents
- What Is A Hybrid Working Policy?
What To Include In A Hybrid Working Policy Template
- 1) Purpose And Scope
- 2) Eligibility And Request Process
- 3) Work Patterns, Hours And Availability
- 4) Location, Equipment And Expenses
- 5) Data Protection, Confidentiality And Security
- 6) Health, Safety And Workstation Set-Up
- 7) Performance, Communication And Culture
- 8) Security And Acceptable Use Of Technology
- 9) Monitoring, Privacy And Transparency
- 10) Review, Changes And Withdrawal
- 11) Linked Policies And Documents
- Must-Have Documents And Policies To Support Hybrid Working
- Key Takeaways
Hybrid work is here to stay. For small employers, a clear, well-drafted hybrid working policy does more than set expectations - it keeps you compliant with UK law, protects your business, and helps your team work smoothly whether they’re at home, in the office, or on the move.
If you’re looking for a hybrid working policy template, don’t worry - below we walk through what to include, the laws you need to consider, and a practical rollout plan you can adapt to your business. We’ve also included a structured policy outline you can use as a starting point (and tailor with legal advice) so you’re protected from day one.
What Is A Hybrid Working Policy?
A hybrid working policy sets out how your employees split their time between the workplace and remote locations, the standards you expect, and the legal and practical rules that apply. It sits alongside your contracts and other policies to make sure everyone understands how hybrid work actually works at your business.
For small UK employers, a good hybrid working policy template should cover:
- Who is eligible and how to request hybrid arrangements
- Core working hours, attendance, and availability expectations
- Data protection, confidentiality and cybersecurity responsibilities
- Health and safety for home and remote workplaces
- Equipment, expenses and insurance
- Communication norms, productivity, and performance
- How the policy interacts with employment contracts and other policies
Think of it as your playbook. It keeps things fair and consistent across your team while aligning with the legal obligations you already have under UK employment, data protection and health and safety law.
What UK Laws Apply To Hybrid Working?
There’s no single “hybrid working law” in the UK. Instead, several existing laws apply - and your hybrid working policy template should reflect them in plain English so managers and employees can follow them day-to-day.
Flexible Working Requests
Employees have a statutory right to request flexible working. From 2024, this is a day-one right under the Employment Relations (Flexible Working) Act 2023 and related amendments. You must follow a fair process, consult meaningfully, and decide within the legal timeframe. Your policy should explain how requests are made and how you’ll handle them. Make sure your approach is consistent with the Employment Rights Act 1996 and ACAS guidance.
Working Time, Hours And Breaks
Hybrid working doesn’t change your obligations under the Working Time Regulations 1998 - including maximum weekly hours, rest breaks and daily/weekly rest. Your policy should set expectations for recording time and taking breaks, especially for remote workers who may blur boundaries. For a refresher on these duties, check the guidance on Working Time Regulations and your team’s rest and lunch breaks.
Data Protection And Privacy
When staff work remotely, you still need to comply with the UK GDPR and the Data Protection Act 2018. Your policy should set out acceptable use of devices, secure handling of personal data, and rules for working in public spaces. If staff use personal devices for work, your policy should align with your BYOD approach and security controls. It’s wise to back this up with a clear Privacy Policy and any necessary Data Processing Agreement with external suppliers (for example, cloud software).
Some businesses consider monitoring remote activity. If you go down that route, make sure it’s necessary, proportionate and transparent - and be clear about what is and isn’t monitored. For context on the risks, see the discussion of whether employers can monitor internet activity at work.
Health And Safety For Home Workers
Under the Health and Safety at Work etc. Act 1974 and the Management of Health and Safety at Work Regulations 1999, your duty of care extends to home and remote work. Your policy should explain how you’ll assess workstation risks (for example, under the Display Screen Equipment Regulations 1992), what equipment you’ll provide, and what employees must do to keep a safe working environment.
Equality And Non-Discrimination
The Equality Act 2010 applies to hybrid arrangements. Be consistent and avoid policies that put protected groups at a disadvantage unless they’re justified. Hybrid working can support reasonable adjustments, so set out how you’ll consider individual needs and document decisions.
Contracts, Policies And Handbook Integration
Make sure your policy is consistent with your Employment Contract, disciplinary and grievance procedures, and your wider Staff Handbook. Hybrid working shouldn’t accidentally override core contractual terms or create unintended rights - clarity and consistency are key.
What To Include In A Hybrid Working Policy Template
Use the outline below as a practical structure for your hybrid working policy template. Treat it as a checklist - the exact wording should be tailored to your business model, roles, and tech stack.
1) Purpose And Scope
- Explain the aims of hybrid working (flexibility, productivity, wellbeing, customer service)
- State who the policy applies to (e.g. permanent staff, probationary staff, contractors)
- Clarify that it sits alongside contracts and other policies
2) Eligibility And Request Process
- Eligibility criteria (role suitability, performance considerations)
- How to request hybrid working (statutory flexible working requests and informal arrangements)
- Assessment factors (business needs, collaboration, security, health and safety)
- Process and timelines for decisions and appeals
3) Work Patterns, Hours And Availability
- Days in the workplace vs remote (e.g. minimum office days, anchor days, team days)
- Core hours and flexibility within them
- Recording working time, overtime approvals, and break entitlements
- Meeting norms (e.g. cameras on/off, time zones, quiet hours)
4) Location, Equipment And Expenses
- Approved remote locations (home address, co-working spaces, overseas restrictions)
- Equipment provided (laptop, monitor, peripherals) and maintenance responsibilities
- Personal device rules if using BYOD (security software, updates)
- Expenses and claims (e.g. data, travel, co-working - what’s covered and caps)
- Insurance (who covers what, employer vs employee responsibilities)
5) Data Protection, Confidentiality And Security
- Handling of personal data and confidential information (secure storage, shredding, clear screens)
- Password standards, MFA, VPN and device encryption
- Use of public Wi-Fi and working in public places
- Rules for paper documents offsite
- Incident reporting - what to do if a device is lost or there’s a suspected breach
If staff use personal devices, align this section with your BYOD settings and security controls to avoid gaps. A quick read of the risks around work phones vs BYOD can help you set pragmatic guardrails.
6) Health, Safety And Workstation Set-Up
- Self-assessment checklists for home workstations and DSE guidance
- How to request adjustments or equipment
- Wellbeing support (breaks, workload, regular check-ins)
- Reporting accidents or concerns while working remotely
7) Performance, Communication And Culture
- Output and quality expectations (KPIs, deliverables, response times)
- How managers will communicate and review work
- Team collaboration norms (channels to use, meeting etiquette)
- How performance concerns will be addressed in a hybrid context
8) Security And Acceptable Use Of Technology
- Acceptable use of corporate systems, tools, and AI tools
- Prohibited activities and examples (downloading unauthorised software, sharing access)
- Consequences for breaches (link to disciplinary policy)
If your teams are experimenting with AI, it’s worth pairing this with a simple Generative AI Use Policy so your data and IP stay protected.
9) Monitoring, Privacy And Transparency
- Whether any monitoring occurs (e.g. security logs, email scanning) and why
- Transparency about methods, categories of data, and retention
- Employee rights and contact points for queries
10) Review, Changes And Withdrawal
- Right to review or change arrangements for business or performance reasons
- Notice periods for changes to patterns
- How the policy will be reviewed and updated
11) Linked Policies And Documents
- Employment Contract (work location, hours, confidentiality, IP)
- Data protection and privacy documents (Privacy Policy, DPIAs, retention)
- IT security/acceptable use, disciplinary and grievance procedures
- Health and safety policy and DSE assessments
- Staff Handbook for the full set of workplace rules
Step-By-Step: How To Roll Out Hybrid Working In Your Business
A polished hybrid working policy template is only half the job - the rollout determines whether it lands well with your team and actually reduces risk. Here’s a practical approach.
1) Assess Role Suitability And Business Needs
Start with the work your team does. Which roles genuinely need in-person collaboration, equipment or client interaction? Which are outcomes-driven and location-flexible? Document your rationale - this consistency helps with fair decisions and reduces discrimination risks.
2) Check Your Contracts And Update Where Needed
Review work location clauses, hours, confidentiality and IT obligations in your Employment Contract templates. If hybrid working introduces material changes, consult staff and issue appropriate variations. Keep your contracts aligned with your policy so managers aren’t stuck in a grey area.
3) Draft Your Policy And Cross-Reference Key Documents
Tailor the policy outline above to your operations and tech stack. Cross-reference your Staff Handbook, IT acceptable use, privacy, and health and safety documents so everything points in the same direction. If you rely on call recordings, transcription, or collaboration tools, make sure your approach to employee data aligns with GDPR rules about business calls.
4) Consult And Train
Share a draft with staff and consult. Explain the “why,” not just the “what.” Then train managers to apply the policy fairly, handle statutory requests properly, and manage performance by outcomes rather than presenteeism. Don’t forget induction training for new starters.
5) Equip Your Team
Issue or approve equipment, set up security controls (MFA, VPN, encryption), and collect workstation self-assessments. Clear guidance on IT and security up front reduces support tickets and data protection headaches later.
6) Monitor, Review And Improve
Set review points. Are you meeting customer needs? Is collaboration working? Are there recurring security or privacy issues? Update the policy as you learn - and keep changes documented and communicated.
Must-Have Documents And Policies To Support Hybrid Working
Your hybrid working policy doesn’t operate in isolation. These core documents help you cover the bases and avoid surprises:
- Employment Contract - Align work location, hours, confidentiality, IP, and variation clauses with your hybrid model.
- Workplace Policy - A single-source policy for conduct and standards that dovetails with hybrid work rules.
- Staff Handbook - Pulls together disciplinary, grievance, equal opportunities, health and safety and IT policies.
- Privacy Policy - Sets out how you handle personal data, including employee data in hybrid settings.
- Data Processing Agreement - Needed where suppliers process personal data on your behalf (e.g. cloud platforms, HR tools).
- IT Acceptable Use And Security - Pair with practical training and consider BYOD controls; be mindful of the issues outlined in the BYOD traps for employers.
Depending on your industry, you may also need sector-specific policies, customer confidentiality commitments, or additional controls for regulated data.
Common Pitfalls To Avoid (And How To Fix Them)
Hybrid working works best when you think a few steps ahead. Here are typical pitfalls we see - and how your hybrid working policy template and surrounding documents can prevent them.
1) Policy And Contracts Don’t Match
If your contracts say “place of work: office” but your policy expects three days remote, you’re inviting disputes. Align your contracts first and use clear variation letters where needed, then roll out your policy.
2) Vague Availability And Communication Rules
“We’re flexible” is great, but managers need guardrails. Define core hours, response times, and meeting expectations. Link those to performance measures so teams know what “good” looks like.
3) Security Gaps With Personal Devices
Hybrid work often turns into ad hoc BYOD. Without clear rules (patching, encryption, password managers, MDM), you increase your breach risk. Address this in your policy and acceptable use, and lean on simple controls - then reinforce in onboarding. The overview on BYOD mobiles is a helpful reminder of the risks.
4) No Process For Home Working Risk Assessments
Health and safety applies at home. Build in simple self-assessments, provide DSE guidance, and have a route to request reasonable adjustments or equipment. Regular check-ins matter for wellbeing as well as compliance.
5) Mishandling Flexible Working Requests
Turning down requests without proper reasoning or consultation can lead to grievances or discrimination claims. Train managers and document decisions carefully. Keep your policy’s request process compliant and transparent.
6) Monitoring Without Transparency
If you deploy monitoring software or review logs, be transparent, proportional, and clear on purpose and scope. Explain this in your policy and privacy notices. If you’re unsure where the line is, the discussion around monitoring employee internet use gives useful context.
7) Forgetting Breaks And Working Time
Remote doesn’t mean “always on.” Reinforce breaks and rest periods, and require accurate time records where appropriate. Point managers to the rules on working time and breaks so teams stay compliant and healthy.
Key Takeaways
- A hybrid working policy template should be practical and tailored - cover eligibility, hours, data protection, health and safety, equipment, performance, and how the policy ties to contracts.
- UK laws still apply in hybrid settings: flexible working (day one right), Working Time Regulations, UK GDPR/Data Protection Act, Health and Safety at Work, Equality Act and your contractual duties.
- Align your policy with your core documents. Keep your Employment Contract, IT/security and privacy documents consistent with hybrid rules, ideally within a clear Staff Handbook.
- Rollout matters: consult staff, train managers, equip teams securely, and review regularly. Hybrid working thrives on clarity and consistency.
- Avoid common pitfalls by documenting decisions, being transparent about monitoring, enforcing breaks and working time, and keeping BYOD and security under control with clear rules and simple tech.
- Templates are a helpful starting point, but hybrid policies work best when customised to your roles, tools and risk profile. Getting them drafted or reviewed by a lawyer will save headaches later.
If you’d like help drafting a tailored hybrid working policy template - or aligning your contracts, privacy and IT policies - you can reach us at 08081347754 or team@sprintlaw.co.uk for a free, no-obligations chat.
