Alex is Sprintlaw’s co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
Hybrid and remote working aren’t “nice-to-haves” anymore for many small businesses - they’re a standard part of how teams operate.
But once you let people work from home (even occasionally), you’re also taking on a new set of practical and legal risks: data security, working time, health and safety, expenses, performance management, and boundaries around monitoring.
That’s where a clear working from home policy becomes one of your best legal foundations. It keeps expectations consistent, helps managers make fair decisions, and gives your team a written playbook to follow if something goes wrong.
Below, we’ll walk you through what a UK working from home policy should include (from an SME employer perspective), plus template clauses you can adapt for your business.
What Is A Working From Home Policy (And Why Do SMEs Need One)?
A working from home policy is a written workplace policy setting out the rules, expectations, and processes for employees (and sometimes workers/contractors) who work remotely.
For SMEs, it’s particularly useful because you usually don’t have the luxury of inconsistent “manager-by-manager” decision-making. If one person gets a home-working setup paid for, another person will (understandably) ask why they don’t. If one team is expected to be online at 8:30am and another isn’t, performance issues can creep in fast.
A well-drafted working from home policy helps you:
- Set clear expectations around availability, productivity, and communication.
- Manage legal compliance (for example, working time limits and health and safety duties).
- Reduce HR disputes by applying consistent rules across the business.
- Protect confidential information and customer data when work happens outside your premises.
- Create a fair approval process for remote working requests (including flexible working requests).
In most SMEs, the working from home policy sits alongside your wider suite of workplace documents, such as your Workplace Policy framework and your core Employment Contract.
Key UK Legal Issues Your Working From Home Policy Should Cover
A working from home policy isn’t just an “HR preference” document - it’s also part of how you show you’ve taken reasonable steps to run a compliant workplace.
Here are the big legal areas SMEs should think about when drafting a working from home policy in the UK.
Health And Safety Duties Still Apply
Even when someone works from their kitchen table, you still have health and safety duties as an employer. In practice, your policy should explain how you’ll manage:
- basic workstation setup (screen height, chair support, keyboard/mouse positioning);
- display screen equipment (DSE) risks (especially for desk-based roles);
- reporting accidents or injuries that happen “at work” while at home; and
- reasonable adjustments where needed (for example, where someone has a disability).
You don’t need to turn your policy into a 40-page manual - but you do want a clear process for assessments, reporting, and support.
Working Time, Breaks, And Overtime Boundaries
Remote work can blur boundaries. Employees might start earlier, finish later, or struggle to “switch off”. Your policy should reinforce your expectations around:
- core working hours (if you use them);
- how breaks are taken and recorded (if relevant);
- approval requirements for overtime; and
- rest periods and maximum weekly working time.
It’s worth aligning this with the Working Time Regulations and how you manage opt-outs, time recording, and overtime approvals. If you want a deeper explanation of what the law expects, Working Time Regulations is a good reference point for employers when designing policies and contracts.
Data Protection, Confidentiality, And Cyber Security
Working from home increases privacy and security risks: shared Wi-Fi, family members around devices, printing documents at home, or taking work calls in public spaces.
Your working from home policy should connect with your GDPR compliance and internal security processes, including:
- how data is stored and accessed;
- password rules and multi-factor authentication;
- rules on using personal devices; and
- incident reporting if a device is lost or compromised.
If your team uses their own phones or laptops, make sure the policy lines up with your approach to BYOD (bring your own device). It’s a common source of GDPR headaches for SMEs, especially where employees mix personal and work data on the same device - work phones vs BYOD comes up a lot in practice.
From a documentation perspective, many SMEs tie their working from home rules into an Acceptable Use Policy (covering systems, devices, and security expectations) and broader GDPR compliance steps like a GDPR package (privacy documentation, processes, and data protection support).
Monitoring, Productivity, And Employee Privacy
It’s normal to worry about productivity when your team is remote - but monitoring has to be handled carefully.
As a general rule, if you monitor employees (for example, system logs, device activity, access records, or tracking software), you should do it transparently, proportionately, and with a clear lawful basis. In many cases, you may also need to carry out a data protection impact assessment (DPIA) and ensure your approach is consistent with ICO guidance. Your policy is the place to explain:
- what monitoring happens (if any);
- why you do it (for example, security, compliance, operational reasons);
- how information is used and who can access it; and
- what employees can expect in terms of privacy.
This is also where you want to be careful about “informal” monitoring (like asking managers to check someone’s online status constantly). If you’re considering monitoring internet searches or browsing history on work devices, monitoring internet search history at work is something you’ll want to think through properly before rolling anything out.
Expenses, Equipment, And Home Office Setups
A working from home policy should make it clear what you provide and what you don’t. SMEs often get caught out here because the boundaries weren’t set at the start.
Common points to cover include:
- whether you provide laptops, monitors, headsets, keyboards, or ergonomic chairs;
- whether employees can purchase items and claim reimbursement (and the approval process);
- what happens to company equipment if employment ends; and
- insurance and responsibility for loss or damage.
If you want to keep it simple, you can set a “default kit” provided for relevant roles and a separate approval process for anything extra.
What To Include In A Working From Home Policy For Small Businesses (Practical Checklist)
If you’re drafting or updating your working from home policy, these are the sections that usually matter most for SMEs.
1) Scope And Eligibility
- Who the policy applies to (employees only, or also workers/contractors).
- Whether it covers full remote, hybrid, ad-hoc work from home, or all of the above.
- Any roles that are not eligible due to operational needs.
2) Approval Process (And The Right To Refuse)
- Who approves working from home requests.
- What factors you consider (customer needs, confidentiality, performance, equipment).
- Whether arrangements are trialled first.
- How you document approvals (for example, in writing by email or a variation letter).
Tip: Even if you’re open to flexibility, it’s still sensible to reserve the ability to change or withdraw a working from home arrangement for genuine business reasons - provided you do it fairly and consistently.
3) Hours, Availability, And Communication
- Core hours (if you use them) and expectations around responsiveness.
- Meeting etiquette (camera expectations, background, professionalism).
- How employees should record time, tasks, or attendance (if required).
4) Performance And Conduct Expectations
- How performance is measured for remote roles (outputs, KPIs, deadlines).
- Expectations around professionalism during calls and messages.
- Disciplinary consequences for misconduct (for example, unauthorised absence, confidentiality breaches).
5) Data Security And Confidentiality Rules
- Use of VPN / secure connections and password requirements.
- Storage rules (no saving company files to personal devices unless authorised).
- Prohibition on sharing devices with others where confidential data is accessible.
- Rules on printing and document disposal.
6) Equipment, Expenses, And IT Support
- What equipment the business provides.
- What employees must provide (for example, internet connection suitable for video calls).
- Process for reporting faults and getting IT support.
- Expense claims process, limits, and required receipts.
7) Health And Safety (Including DSE)
- Self-assessment process and when you’ll review it.
- Reporting injuries, hazards, or near misses.
- Required breaks and screen ergonomics guidance.
8) Monitoring And Privacy
- Systems used for work and any monitoring that occurs.
- Privacy expectations and boundaries.
- How you handle personal data collected via monitoring tools.
9) Review And Change Process
- How often the policy is reviewed.
- How changes will be communicated.
- Whether the policy is contractual or non-contractual (this needs careful drafting).
Template Clauses For A UK Working From Home Policy (SME-Friendly)
Below are template clauses you can adapt. These are a useful starting point, but don’t treat them as a one-size-fits-all solution - and they aren’t legal advice. Your policy should match your operations, your tech setup, and the level of flexibility you’re actually offering.
Also, be cautious about making policy wording accidentally contractual. If you’re unsure, it’s worth getting a lawyer to tailor the drafting so you’re protected from day one.
Clause 1: Purpose And Status Of Policy
1. Purpose
This Working From Home Policy sets out the Company’s expectations and requirements for employees who work remotely (including working from home).
2. Status
This Policy does not form part of any employee’s contract of employment. The Company may amend, replace, or withdraw this Policy at its discretion, subject to consultation where appropriate.
Clause 2: Eligibility And Approval
3. Eligibility
Working from home may be available for certain roles where it is operationally feasible and appropriate. Eligibility is determined by the Company having regard to business needs, the nature of the role, confidentiality requirements, performance, and health and safety considerations.
4. Approval Process
Employees must obtain written approval from their manager before working from home on a regular or ad-hoc basis. The Company may approve a working from home arrangement on a trial basis and may review the arrangement at any time.
Clause 3: Place Of Work And Working Environment
5. Home Working Location
Employees must work from the approved home-working location notified to the Company. Employees must notify their manager of any proposed change to their home-working location and obtain approval in advance where required.
6. Suitable Workspace
Employees are responsible for maintaining a safe, secure and suitable working environment, including appropriate lighting, seating, desk setup and freedom from unnecessary hazards.
Clause 4: Hours, Availability And Right To Disconnect
7. Working Hours
Employees must comply with their contractual working hours and take rest breaks in accordance with Company requirements. Overtime must be authorised in advance by the employee’s manager.
8. Availability
Unless otherwise agreed, employees are expected to be contactable during working hours and to attend online meetings as reasonably required.
9. Boundaries
Working from home does not create an expectation that employees will be available outside agreed working hours, except where explicitly agreed for business reasons.
Clause 5: Confidentiality And Data Security
10. Confidentiality
Employees must protect confidential information at all times while working from home. Confidential information must not be disclosed to any unauthorised person, including family members, housemates, or visitors.
11. Data Security
Employees must:
(a) use only approved devices and systems to access Company data;
(b) keep passwords secure and not share login credentials;
(c) ensure devices are locked when unattended; and
(d) promptly report any suspected data breach, loss, or unauthorised access to the Company.
Clause 6: Use Of Personal Devices (BYOD)
12. Personal Devices
Employees must not use personal devices for Company work unless expressly authorised. Where authorised, employees must comply with the Company’s security requirements, including installation of updates, device encryption (where required), and use of approved applications.
Clause 7: Equipment, Expenses And Return Of Property
13. Company Equipment
Where the Company provides equipment, employees must take reasonable care of that equipment and use it primarily for work purposes.
14. Expenses
Employees may only claim expenses for home-working costs where:
(a) the expense is pre-approved in writing; and
(b) a valid receipt is provided,
unless otherwise required by law.
15. Return Of Property
All Company property must be returned upon request and in any event on termination of employment, unless otherwise agreed.
Clause 8: Health And Safety, DSE And Reporting Incidents
16. Health And Safety
Employees working from home must complete any required workstation / DSE self-assessment and implement reasonable recommendations.
17. Reporting
Employees must promptly report:
(a) work-related accidents or injuries occurring while working from home; and
(b) any health and safety hazards that may affect their ability to work safely.
Clause 9: Monitoring And Acceptable Use
18. Systems And Monitoring
The Company may monitor the use of its systems and devices for legitimate business purposes including security, compliance, and operational management. Any monitoring will be carried out in a proportionate manner and in accordance with applicable data protection laws, ICO guidance, and any required DPIA processes.
19. Acceptable Use
Employees must comply with Company rules regarding acceptable use of IT systems, communications tools, and Company data when working remotely.
Clause 10: Review And Withdrawal Of Remote Working Arrangements
20. Review
The Company may review any working from home arrangement periodically or where business needs change.
21. Withdrawal
The Company may withdraw or vary a working from home arrangement where there is a genuine business reason to do so, following reasonable notice and consultation where appropriate.
Common Mistakes SMEs Make With Working From Home Policies (And How To Avoid Them)
Working from home policies usually cause problems when they’re vague, inconsistent, or don’t match what the business actually does day-to-day.
1) Treating The Policy Like A “Soft Suggestion”
If your policy says employees must use company devices, but everyone uses personal laptops in practice, you’ve created a gap that can come back to bite you (especially if there’s a data breach).
Make sure the policy reflects reality - or change reality to match the policy.
2) Forgetting About Data Protection
Remote work increases the chance of accidental disclosure: a screen visible to others, documents left on a printer, calls taken in public, or confidential files downloaded onto personal devices.
This is exactly why a working from home policy should align with your GDPR approach and your internal IT rules, not sit in isolation.
3) Not Defining Expenses Upfront
SMEs often end up in awkward conversations about who pays for monitors, chairs, upgraded broadband, printer ink, or heating.
You don’t have to pay for everything - but you do need to be clear about what you will cover, what needs approval, and what the default position is.
4) Over-monitoring (Or Monitoring Without Transparency)
Productivity concerns are real, but heavy-handed surveillance can damage trust and create legal risk.
If you monitor, be upfront and keep it proportionate. Put it in writing and ensure it’s consistent with your privacy and data protection obligations.
5) Making The Policy Accidentally Contractual
If policy wording is drafted the wrong way, employees may argue it forms part of their contractual rights (for example, an entitlement to work from home permanently).
This is where careful drafting matters. Your employment contract and policies should work together, not contradict each other.
Key Takeaways
- A clear working from home policy helps SMEs set expectations, manage risk, and apply consistent decisions across the business.
- Your policy should cover practical operational points (hours, communication, equipment, expenses) and key legal areas (health and safety, data protection, working time, monitoring).
- Make sure your remote working rules align with your Acceptable Use Policy, GDPR compliance approach, and your Employment Contract.
- Include a clear approval and review process so you can trial, adjust, or withdraw working from home arrangements where business needs change.
- Avoid common pitfalls like unclear expenses, policy/reality mismatch, and monitoring that hasn’t been properly documented, assessed (including any required DPIA), and communicated.
- Template clauses are a helpful start, but policies should be tailored - especially where they affect contractual rights, privacy, and security obligations.
If you’d like help drafting or updating a working from home policy (or aligning it with your employment contracts and data protection documents), you can reach us at 08081347754 or team@sprintlaw.co.uk for a free, no-obligations chat.


