Working From Home Policy In The UK: How To Stay Compliant

Remote and hybrid work are now part of everyday life for many small businesses. That’s great for flexibility and talent retention - but without a clear Working From Home (WFH) Policy, you risk inconsistent practices, compliance gaps and avoidable disputes.

The good news: with a straightforward policy and the right supporting documents, you can set expectations, meet your legal duties and keep productivity on track. In this guide, we’ll explain the UK laws that apply, what to include in your WFH Policy, and how to roll it out confidently.

Why A Working From Home Policy Matters For Small Businesses

A Working From Home Policy gives your team a clear framework for how, when and where work can be done away from the office. For small businesses, it helps you:

• Set expectations around availability, communication and output so everyone knows what “good” looks like.
• Meet health and safety obligations for home workstations and reduce the risk of injury claims.
• Protect confidential information and personal data when work happens off-site.
• Control equipment and costs - who pays for what, and how to request approval.
• Apply hybrid arrangements fairly and consistently to avoid discrimination risks.
• Resolve issues early (for example, performance or attendance) with clear, pre-agreed processes.

Most businesses include their WFH rules as part of a wider Staff Handbook alongside policies like data protection, IT security and expenses. If you don’t have one, consider a consolidated Staff Handbook so policies stay consistent and up to date.

What UK Laws Apply To Home Working?

Your legal responsibilities don’t stop at the office door. When staff work remotely, you still need to comply with core UK employment, health and safety, equality and privacy laws. Key ones to know include:

• Employment Rights Act 1996: Employees are entitled to written terms and fair treatment, including notice, pay, and protections against unfair dismissal (where eligible). Your Employment Contract should cover the place of work, hours, flexibility and any right to vary working location.
• Flexible Working (Requests) Regime: Employees can make statutory requests for flexible working (including home working). Since 2024 reforms, requests can be made from day one, with shorter decision timeframes. Your policy should explain how to request, assess and respond to these fairly and consistently.
• Health and Safety at Work etc. Act 1974 and Management of Health and Safety at Work Regulations 1999: You must take reasonably practicable steps to keep employees safe, including for home work. That involves risk assessments, training and guidance on safe workstations.
• Display Screen Equipment (DSE) Regulations 1992: If an employee is a “DSE user”, you should assess their workstation (even at home), provide information on posture, breaks and equipment, and take steps to reduce risk.
• Working Time Regulations 1998: Limits on weekly hours, rest breaks and daily/weekly rest apply even when working from home. It’s wise to reference Working Time Regulations in your policy and set guardrails around overtime and availability.
• Equality Act 2010: Avoid discrimination and make reasonable adjustments for disabled employees. Your WFH processes should be accessible and decisions recorded to show objective, business-based reasons.
• Data Protection Act 2018 and UK GDPR: If staff access or process personal data at home, you need appropriate security measures, training and policies. At a minimum, have a clear Privacy Policy, IT security standards, and data handling rules for remote work.
• Contract and confidentiality obligations: Protect business information with confidentiality provisions and an internal Confidentiality Policy. Specify acceptable use of devices, emails and cloud tools.

You may also have tax and expenses considerations (for example, reimbursement of business calls or certain equipment). Speak to your accountant for tax-specific advice, and make sure your policy is consistent with any HMRC guidance you follow.

What To Include In Your Working From Home Policy

Your WFH Policy should be practical, plain-English and tailored to how your business operates. Aim to cover the points below so managers and staff have a single source of truth.

1) Purpose, Scope And Eligibility

Start with why the policy exists and who it applies to. Clarify whether WFH is discretionary or contractual, which job roles are in scope, and who approves arrangements. If your business runs a hybrid model, spell out typical patterns (e.g., two office days per week) and how exceptions are agreed.

2) How To Request And Approve Home Working

Explain the process for requesting WFH, including statutory flexible working requests and informal arrangements. Set timelines for decisions, any trial periods, and the criteria you’ll consider (role requirements, client needs, performance, team coverage). Note that approvals may be varied or withdrawn with reasonable notice if business needs change.

3) Working Hours, Availability And Breaks

Reinforce contracted hours, core collaboration windows, and how to log time or attendance. Make it clear that staff must take legally required rest and meal breaks under the breaks rules, and that overtime needs prior approval. Include how to handle overtime, time off in lieu, and out-of-hours communication boundaries.

4) Performance, Communication And Availability

Describe how outputs will be measured (goals, KPIs, deadlines), expected responsiveness (e.g., Teams/Slack online status), and meeting etiquette (camera/microphone use, quiet space where possible). If performance issues arise, note that you may use coaching or a formal process like a performance improvement plan consistent with your other policies.

5) Health, Safety And Workstation Set-Up

State that the business will conduct a suitable and sufficient risk assessment for home working. Include practical guidance on:

• Desk, chair and screen height; lighting; glare reduction; and posture.
• Taking micro-breaks, varying tasks and moving regularly to reduce strain.
• Reporting accidents or near-misses and how to get help if something isn’t safe.

Provide a simple DSE checklist and confirm responsibilities for equipment maintenance and reporting faults.

6) Equipment, Costs And Insurance

Set out what the business will supply (laptop, accessories, software), what remains the employee’s responsibility (ergonomic chair, desk), and who pays for internet/phone costs. Explain how to request equipment, any reasonable limits, return obligations and what happens if items are damaged or lost. Ask employees to check their home insurance and any tenancy restrictions related to business use.

7) Data Protection, Security And Confidentiality

Cover the rules for accessing and storing business information at home, including:

• Secure devices (encryption, passwords, screen locking, approved antivirus).
• Secure networks (avoid public Wi‑Fi or use your business VPN).
• Paper files (avoid printing unless necessary, store and dispose securely).
• Clear-desk and screen privacy when household members are present.

Make sure your policy aligns with your Privacy Policy, any Data Processing Agreement you have with processors, and your internal IT/acceptable use rules. If team members use personal phones or laptops, set expectations with a BYOD standard so data protection and support boundaries are clear.

8) Use Of Personal Devices, Monitoring And Acceptable Use

Explain what platforms, apps and storage locations are approved, and what is not allowed. If you engage in proportionate monitoring (for example, reviewing activity logs to ensure security or compliance), be transparent about what may be monitored, why, and the legal basis under UK GDPR. Provide links to your IT and acceptable use policies within your Staff Handbook.

9) Eligibility Adjustments And Equality Considerations

Commit to assessing requests fairly and making reasonable adjustments for disabilities under the Equality Act 2010. Provide examples (specialist equipment, flexible hours) and how to request adjustments. Note that managers will document decisions and reasons to ensure consistent, objective outcomes.

10) Expenses And Claiming Process

Clarify what’s reimbursable, how to claim and any caps (e.g., headset up to a set amount). Keep this aligned with your finance processes and be clear about what needs pre-approval.

11) Information Sharing, Visitors And Household Risks

Remind staff to avoid discussing confidential matters where they can be overheard, to secure screens when others are present, and to keep business equipment out of reach of children or visitors.

12) Reviews, Changes And Ending Arrangements

Allow for periodic reviews (e.g., every 6–12 months) and include a right to vary or end home-working arrangements with reasonable notice for legitimate business reasons. State what happens when employment ends - equipment return and data deletion.

Helpful Supporting Documents

• Updated Employment Contract clauses covering place of work, mobility, remote work and equipment.
• Core Workplace Policy documents (data protection, IT security, expenses, disciplinary/performance).
• A consolidated Staff Handbook to keep policies consistent and easy to find.
• Privacy and security artefacts - Privacy Policy, Data Processing Agreement (where you use processors), and BYOD/acceptable use standards.
• Confidentiality and IP protections, supported by your Confidentiality Policy.

Practical Steps To Roll Out Home Working Safely

Here’s a simple process you can follow to implement or refresh your Working From Home Policy.

Step 1: Map Roles And Set Your Hybrid Model

Decide which roles are eligible for home working, the business rationale (client-facing needs, equipment or supervision requirements), and whether you’ll use fixed patterns or manager discretion. Put your high-level model in writing so decisions feel fair across teams.

Step 2: Draft Or Update Contracts And Policies

Align your WFH Policy with your contracts and handbook. If the place of work is changing, check what your current contracts say about location and variation. It’s usually sensible to issue updated policy communications and keep copies with your HR records.

Step 3: Complete Risk Assessments

Provide staff with a DSE self-assessment and remote work health and safety checklist. For higher-risk situations (e.g., pre-existing musculoskeletal issues), consider a virtual assessment by a competent person and provide reasonable equipment. Keep a record of assessments and actions taken.

Step 4: Set Up Secure Access And Tools

Check devices are encrypted, MFA is enabled, and staff can securely access systems via VPN or your approved cloud environment. Provide training on phishing, password hygiene and data minimisation. Ensure your rules dovetail with your BYOD stance if personal devices are used.

Step 5: Train Managers And Staff

Managers should understand flexible working rules, equality considerations, and how to support remote teams (regular 1:1s, outcome-based management). Staff should know the basics of workstation set-up, breaks, and how to raise issues.

Step 6: Monitor, Support And Review

Track wellbeing and performance without heavy-handed surveillance. Encourage micro-breaks, use regular check-ins, and plan in-office collaboration days. Review what’s working, update your policy, and keep records of decisions, especially when refusing requests or changing arrangements.

Common Pitfalls And How To Avoid Them

Most WFH problems fall into a handful of themes - here’s how to stay ahead of them.

1) Vague Rules About Hours And Availability

Without clarity on working hours and contactability, workloads creep and boundaries blur. Avoid this by setting core hours, response expectations and a simple system to log time. Tie your rules back to the Working Time Regulations and require pre-approval for overtime.

2) No Evidence Of Health And Safety Steps

If someone is injured at home, you’ll want to show you took reasonable steps. Keep copies of DSE assessments, training materials and equipment approvals. Encourage early reporting so you can adjust duties or provide kit before small issues become big.

3) Data Protection Gaps With Personal Devices

Personal laptops and phones are often the weak link. If you permit them, require security controls (encryption, MDM where appropriate), define boundaries for support and data wiping, and align your approach with your Privacy Policy and Data Processing Agreement obligations.

4) Inconsistent Decisions On Who Can Work From Home

Inconsistency can lead to grievances or discrimination risks. Use objective criteria (role needs, performance, client outcomes), train managers, and document the legitimate business reasons behind decisions. Consider a short appeal route to catch issues early.

5) Performance Drifting Without A Clear Process

Remote work can hide performance dips. Keep goals visible, run frequent 1:1s, and tackle concerns early. If needed, escalate via your standard performance process and keep your approach consistent with your Workplace Policy suite and contracts.

6) Not Updating Contracts To Reflect Hybrid Work

Where the place of work or mobility expectations meaningfully change, review your Employment Contract terms. A short side letter or updated contract can avoid ambiguity about flexibility, equipment and expenses, while keeping your overall legal position clear.

Key Takeaways

• A Working From Home Policy sets fair, consistent rules for hybrid work - it should cover eligibility, hours, approvals, health and safety, equipment, data security and confidentiality.
• Your legal duties still apply at home: health and safety risk assessments, Working Time rules on hours and breaks, equality and reasonable adjustments, and UK GDPR for personal data.
• Keep your WFH framework aligned with core documents - an up-to-date Staff Handbook, clear Employment Contract terms, a robust Privacy Policy, any Data Processing Agreement with processors, and a practical BYOD standard.
• Document your decisions, especially when accepting or refusing home-working requests, and review arrangements periodically to keep them fit for purpose.
• Train managers and staff, keep DSE assessments on file, and strike the right balance between accountability and trust to maintain productivity and wellbeing.
• Get tailored advice before changing contracts or implementing monitoring or significant policy shifts - small tweaks now can prevent bigger issues later.

If you’d like help drafting a Working From Home Policy, updating your Employment Contracts or aligning your handbook and privacy documents, our team can help. You can reach us on 08081347754 or team@sprintlaw.co.uk for a free, no-obligations chat.