Workplace Conduct In the UK: What Employers Must Include In Policies And Contracts

When you’re running a small business, “conduct in the workplace” isn’t just a HR buzzword - it’s one of the biggest factors affecting productivity, team culture, customer experience, and your legal risk.

Most workplace issues don’t start with a dramatic incident. They start with grey areas: someone repeatedly shows up late, a manager makes an inappropriate comment, a staff member posts something about your business online, or a heated conversation turns into a complaint.

The businesses that handle these situations well usually have one thing in common: they’ve clearly documented what good conduct looks like, what crosses the line, and what happens next.

In this guide, we’ll break down what UK employers should include in workplace conduct policies and contracts, how to keep them practical (not just “paperwork”), and how to reduce the risk of disputes when things go wrong.

Why “Conduct In The Workplace” Is A Legal And Practical Issue

It’s easy to think workplace conduct is mostly about “culture”. But in the UK, it’s also closely tied to your legal obligations as an employer.

Clear rules on conduct help you:

• Set expectations from day one (so you’re not “making rules up” mid-problem).
• Support fair, consistent management across teams and sites - especially if you’re growing.
• Reduce grievances and disputes by having a defined process and standards.
• Protect your business if you need to take disciplinary action or dismiss someone.
• Meet regulatory and compliance expectations in higher-risk industries (healthcare, childcare, security, hospitality, financial services, etc.).

It also helps you demonstrate that you acted reasonably - which matters if you ever need to justify decisions in a formal process.

As a starting point, workplace conduct policies typically sit in (or alongside) your staff handbook. Your contracts then tie employees to those rules by making the policies binding or requiring compliance with them.

What A Workplace Conduct Policy Should Cover (The Core Topics)

A strong conduct policy doesn’t need to be long - but it should be clear. Ideally, a team member should be able to read it and understand what’s expected without needing a lawyer to translate it.

Below are the most common areas UK employers should include when setting standards for conduct in the workplace.

1) Standards Of Behaviour (The “Baseline” Expectations)

This is the simple but important part: what does “professional behaviour” mean in your business?

Common baseline expectations include:

• treating colleagues, customers, suppliers and contractors respectfully
• following reasonable management instructions
• being honest and not falsifying records (time sheets, expenses, stock records, etc.)
• taking care of company property and equipment
• avoiding aggressive or intimidating behaviour

If your business has specific operational standards (for example, handling customer complaints, safety procedures, or brand presentation), it’s worth cross-referencing those too.

2) Anti-Discrimination, Bullying And Harassment

This is one of the most important areas to get right. It’s not enough to assume “everyone knows” what unacceptable behaviour looks like.

Your conduct policy should clearly ban:

• discrimination (including indirect discrimination)
• harassment (including sexual harassment)
• bullying, intimidation, humiliation, or victimisation

It should also explain:

• how staff can report concerns (and to whom)
• how you’ll respond (confidentially where appropriate)
• that retaliation against someone raising a concern is not acceptable

This isn’t just “best practice” - it’s a key risk area under the Equality Act 2010. Even small businesses need a clear stance and a workable reporting route.

3) Timekeeping, Attendance, And Reliability

Lots of workplace friction comes down to reliability: lateness, unexplained absences, or last-minute changes that leave your team short-staffed.

A good conduct policy should outline:

• expected working hours and punctuality standards
• how to notify absence (and by what time)
• who to contact (and what happens if they can’t be reached)
• requirements around sickness reporting and evidence

This is also where it helps to align your rules with your disciplinary process and absence management approach, so you’re not forced into “all or nothing” responses when the issue is repeated but not extreme.

4) Alcohol, Drugs, And Fitness For Work

You don’t need to run a high-risk site to have risk here. For example, someone turning up under the influence can impact safety, customer interactions, and wider staff wellbeing.

Your policy should state that employees must be fit for work and should address:

• being under the influence at work (including alcohol and illegal drugs)
• misuse of prescription medication (where it affects safety or performance)
• what happens at work events where alcohol is present
• the process if a manager suspects impairment

If you’re considering testing, you’ll also need to think carefully about privacy and proportionality, including having a lawful basis under UK GDPR and documenting your decision-making (for example, via a risk assessment and, where appropriate, a DPIA).

5) Confidentiality And Handling Business Information

From customer lists to pricing strategies and supplier terms, confidentiality is a big part of conduct in the workplace - especially if you have employees with access to sensitive systems.

Your conduct policy should include practical rules about:

• not sharing confidential information internally unless needed
• not forwarding work emails to personal accounts without permission
• keeping passwords secure and not sharing logins
• how to store and dispose of documents safely

Your Employment Contract should also contain confidentiality obligations (and in some cases, post-termination confidentiality too). Policies support the day-to-day “how”; contracts create enforceable legal obligations.

6) Social Media And Reputational Issues

Even if your business doesn’t have a big online presence, your team probably does.

A workplace conduct policy often includes social media rules covering:

• not posting confidential information
• not posting content that could reasonably damage the business or colleagues
• not implying they speak on behalf of the business without authority
• what happens if customers are filmed or photographed at work

If you collect or share images/videos of staff or customers, privacy issues can come into play too - particularly where individuals can be identified.

How Contracts And Policies Work Together (And What Must Be In Writing)

One of the most common mistakes we see is relying on a “policy” that isn’t actually enforceable - or assuming that a quick clause in a contract covers everything.

In practice, you want a layered approach:

• The employment contract sets the legal relationship, including duties, confidentiality, disciplinary rules, and key rights/obligations.
• Your handbook and policies explain the practical workplace rules and procedures in more detail (conduct, absence, IT use, complaints, etc.).

Key Contract Clauses That Support Conduct Standards

While your conduct policy will do a lot of heavy lifting, your contract should usually include clauses on:

• Duty to follow reasonable instructions
• Disciplinary and grievance procedures (often by reference to policies)
• Confidentiality
• Conflict of interest and secondary employment (where relevant)
• Notice periods and garden leave (where relevant)
• Data protection and acceptable use (often supported by a policy)

If you’re issuing a handbook, it’s also worth being deliberate about what is contractual (binding) and what can be updated. Many businesses specify that most policies are non-contractual, but still require compliance as part of employment.

This is a detail worth getting right - because changing contractual terms without agreement can cause disputes later.

Technology, Monitoring, And Privacy: Setting Rules Without Overstepping

Modern workplace conduct isn’t just about behaviour in the break room. It’s also about how people use systems and devices - and what you monitor.

If you’re thinking about IT rules, monitoring, or surveillance, you’ll usually want:

• a clear acceptable use policy (what’s allowed on work devices and networks)
• clear notice of any monitoring (what you collect, why, and how it’s used)
• a privacy-aligned approach under UK GDPR and the Data Protection Act 2018, including identifying a lawful basis and documenting necessity and proportionality (and, where appropriate, carrying out a DPIA)

Depending on what you’re doing, these resources are often relevant:

• Rules about workplace browsing often link back to internet monitoring and transparency expectations.
• If you use CCTV, it’s important to understand whether cameras in the workplace are lawful and what signage/policies you should have in place.
• If staff use personal phones for work, it’s worth thinking about GDPR and personal phones so you’re not accidentally creating a data protection mess.
• If you need a strong foundation document for IT, data and employee conduct, an Acceptable Use Policy can be a practical starting point.

The key principle here is balance: you can protect your systems and manage performance, but you should avoid “blanket surveillance” approaches without a clear reason and proper communication.

What To Do When Conduct Issues Arise: A Fair Process (Without The Headache)

Even with great policies, problems can still happen. The goal isn’t perfection - it’s having a process you can follow so decisions are consistent and defensible.

Step 1: Separate “Performance” From “Misconduct”

Conduct issues can overlap with performance issues, but they’re not the same.

• Performance: can’t do the role properly (skills, capability, output, errors).
• Misconduct: won’t follow rules or behaves inappropriately (lateness, rudeness, dishonesty, harassment, insubordination).

Where the issue is performance, you may need training, support, and a structured plan. A Performance Improvement Plan is often the most sensible (and fair) way to document expectations and support.

Step 2: Investigate Properly (Even If You Think You “Know What Happened”)

A rushed response is one of the biggest risk points for employers. If you don’t investigate, you can end up relying on assumptions - and that’s where disputes and grievances multiply.

Depending on the issue, a fair approach may include:

• gathering statements from witnesses
• reviewing messages, CCTV, or system logs (where lawful)
• giving the employee an opportunity to respond
• keeping notes of meetings and decisions

If you need a structured approach, workplace investigations are an area where process really matters - especially if dismissal is a possible outcome.

Step 3: Use Clear Disciplinary Outcomes (Informal, Formal, Or Escalated)

Your policies should support proportionate outcomes, such as:

• informal conversation and coaching
• verbal warning (often recorded in writing for clarity)
• first written warning
• final written warning
• dismissal (where appropriate and fair)

Being consistent matters - not because every case is identical, but because inconsistency is often what triggers “this feels unfair” complaints.

Step 4: Know When You’re In “Gross Misconduct” Territory

Some conduct issues are so serious they may justify dismissal (potentially summary dismissal) - but you still need to follow a fair process.

Gross misconduct varies by workplace, but common examples include theft, violence, serious harassment, serious dishonesty, or major safety breaches.

It’s worth having a clear list and process in your policies so managers don’t improvise. This gross misconduct checklist is a helpful way to think about steps and risks.

How To Make Your Conduct Policies Actually Work In A Small Business

Here’s the honest truth: most workplace policies fail because they’re written like a textbook and then forgotten.

To make your conduct in the workplace standards usable day-to-day, focus on a few practical implementation steps.

Keep Policies Short, Specific, And Relevant

If you run a café, an agency, a trade business, or a small retail team, you don’t need a 60-page policy library. You need rules that match your real risks.

Start with:

• conduct and behaviour standards
• anti-bullying/harassment and complaints reporting
• disciplinary and grievance procedures (aligned with the ACAS Code of Practice on disciplinary and grievance procedures)
• IT and device use (especially if you use customer data or take online payments)
• confidentiality and data handling

Make It Part Of Onboarding

Many conduct disputes start with “I didn’t know that was the rule.” Onboarding is where you prevent that.

Simple steps that help:

• give new starters your handbook/policies before day one where possible
• have them confirm they’ve read and understood key policies
• train managers to reinforce the rules consistently

Update Policies As You Grow (And As Risks Change)

A two-person business has very different workplace conduct risks compared to a 20-person business with line managers, multiple shifts, and higher staff turnover.

Triggers to review your policies include:

• hiring your first manager
• introducing remote work or BYOD (bring your own device)
• starting to use CCTV, tracking, or monitoring tools
• moving into regulated work or contracting with larger clients
• having your first grievance or serious disciplinary issue

If you want a practical package that brings policies together with contracts, a Staff Handbook can help you document rules clearly and consistently.

Key Takeaways

• Conduct in the workplace is both a culture issue and a legal risk area - clear rules help you manage fairly and consistently.
• A good workplace conduct policy should cover behaviour expectations, bullying/harassment, attendance, fitness for work, confidentiality, and social media.
• Your employment contracts and policies should work together, with contracts setting enforceable obligations and policies explaining practical day-to-day rules.
• If you monitor devices, internet use, or use CCTV, you should document it clearly and align your approach with UK GDPR and the Data Protection Act 2018 (including identifying a lawful basis and, where appropriate, carrying out a DPIA).
• When conduct issues arise, a fair process usually means investigating properly, separating misconduct from performance, and using proportionate disciplinary outcomes in line with the ACAS Code.
• Policies only work if they’re implemented - keep them relevant to your business, include them in onboarding, and review them as you grow.

If you’d like help reviewing your workplace conduct policies, updating your employment contracts, or putting a clear disciplinary framework in place, you can reach us at 08081347754 or team@sprintlaw.co.uk for a free, no-obligations chat.