A Practical HR Compliance Checklist for UK SMEs
Most small businesses don’t set out to be non‑compliant.
What usually happens is simpler than that: you hire good people, you’re busy, things move quickly… and HR becomes a mix of “what we agreed at the time” and “what we’ve always done”.
That works… until it doesn’t.
This checklist is designed as a steady, practical sanity-check for UK SMEs. Not a legal lecture. Not a 40‑page audit. Just a clear way to spot gaps early, prioritise what matters and reduce the risk of issues escalating later.
A useful test question as you go: will this help your people do their best work? If it improves clarity, consistency and capability, it’s worth putting in place.
How to use this checklist
Skim the sections and mark each item Yes / No / Not sure.
Don’t aim for perfection - aim for knowing where you stand.
If you find several “not sure” answers, that’s a sign your documents or processes aren’t easy to find (which is a fix in itself).
This post focuses on: a practical HR compliance checklist you can tick off quickly.
If you want:
The plain-English explanation of what compliance means, read Small Business HR Compliance in Plain English.
The full breakdown of essential policies, read The HR Policies UK Employers Need in Place (Mandatory & Sensible).
Help getting contracts right from the start, read Employment Contracts for UK Small Businesses: What to Include and Why.
Section 1: Essentials for every employer
Contracts and written terms
Every employee has a written contract or written terms that reflect reality (hours, pay, location, notice, etc.)
Any changes to hours/pay/role have been confirmed in writing
Role clarity exists (job description or clear expectations for each role)
You can find the latest version quickly (not buried in an inbox)
Right to work and recruitment basics
Recruitment decisions are documented (short notes are enough)
Right to work checks are completed properly and stored securely
References (where you take them) are handled consistently
DBS and driving licence/insurance checks are completed as necessary
Pay and leave essentials
Pay dates, deductions and payslips are handled consistently
Holiday entitlement, especially for part-timers, and booking processes are clear
Sick pay entitlement and triggers are clear for everyone
Holiday and sickness records are up to date and accurate (your paying holiday based on actual pay not just contractual)
Statutory essentials (often forgotten)
Payroll and PAYE are set up correctly (and you can evidence what you pay and why with clear records)
National Minimum Wage / National Living Wage checks are in place, especially when hours vary
Pension auto‑enrolment duties are covered (assessments, enrolment where required and contributions paid)
Statutory payments are handled properly where relevant (e.g., Statutory Sick Pay, maternity/paternity) and you’ve got Self certification, Fit Notes, MATB1s etc. to support this
Employers’ Liability insurance is in place (and the certificate is accessible to everyone)
Working time and hours (where relevant)
Working hours and breaks are managed in line with Working Time rules (everyone working 6 hours or more gets at least a 20 mins break for example)
If you rely on 48‑hour opt‑outs, they’re in writing and stored
Section 2: Core policies (lean, usable and aligned to how you operate)
You don’t need dozens of policies. You need the right ones, written in plain English and actually used.
Conduct and complaints (disciplinary and grievance)
Fairness and behaviour (equal opportunities and anti-harassment/bullying)
Time off and health (holiday and sickness absence)
Privacy and governance (data protection/privacy, whistleblowing, anti‑bribery)
For the full breakdown of what each policy is for (and what “good” looks like), see The HR Policies UK Employers Need in Place (Mandatory & Sensible).
Quick check: managers know where the policies are and what to do first when something happens.
Section 3: Day‑to‑day processes (where inconsistency usually creeps in)
Onboarding and probation
New starters receive a consistent onboarding process (even if it’s simple)
Probation has clear check‑ins and expectations (support, stretch and feedback)
You document probation discussions and outcomes (short notes, nothing elaborate)
Absence and wellbeing
Absence reporting is clear (who to tell, how and by when)
Return‑to‑work conversations happen consistently (these really work!)
Fair triggers are used consistently to manage persistent short-term absences
Longer-term absence is managed with sensitivity and a clear process
Performance and capability
Managers are confident having early performance conversations
Performance expectations are clear (what “good” looks like)
Underperformance is addressed early rather than drifting
Key conversations are documented (brief, factual, respectful)
Conduct and complaints
Managers know the difference between performance, misconduct and a grievance
Concerns are handled consistently across the business (not manager-by-manager), so everyone in your team is treated the same in the same situation
You follow a fair process and you can evidence what you did and why – you provide the right to be accompanied and to appeal decisions
Section 4: Records and “findability” (light-touch, but protective)
This is where small businesses often trip up - not because they don’t do the right things, but because there’s no record.
What you should be able to find quickly
contracts and written terms
policy pack / latest versions
right to work evidence
holiday and absence records
training records (where relevant)
notes of key conversations (performance, conduct, grievances)
recruitment records (short interview notes and decision rationale)
Practical tip: capture key points in the moment (or immediately after). It’s far easier than trying to reconstruct conversations later.
Storage and access
HR information is kept in one secure place (not scattered across inboxes and devices)
Only the right people have access
You have a simple way to keep version control (so you know what’s current)
You know what to do if someone requests access to their personal data (for example, a subject access request)
Starters and leavers
New starter paperwork is completed promptly (so nothing drifts)
There’s a clear leavers process (final pay/holiday pay, return of property and system access removed)
Remote/hybrid (if relevant)
Homeworking expectations are clear (basic workstation/DSE setup, data security and how issues are reported)
Section 5: Managers and leadership (the hidden compliance lever)
A lot of compliance risk isn’t about documents, it’s about what managers do day to day.
Managers know what’s expected of them in people management
Managers feel confident having difficult conversations early
Managers know when to ask for HR support (rather than hoping it resolves itself)
Leaders are consistent and similar issues are handled in similar ways
Section 6: Health and safety (a special case)
Health and safety responsibilities still apply in office-based businesses, even when risk feels low.
You have a clear approach to health and safety
If you have five or more employees, you have a written health and safety policy
Any key risks relevant to your workplace are assessed and documented
We’re not health and safety specialists, but we can provide a basic, office-based health and safety policy as a sensible starting point and flag where specialist input is more appropriate (for example, higher-risk environments or activities).
What to do if you find gaps
If this checklist has uncovered a few “no” answers, don’t try to fix everything in one week.
Step 1: Prioritise what creates the biggest risk or the most daily friction
Common priorities in SMEs are:
contracts/written terms not matching reality
absence and holiday processes being unclear
managers avoiding early performance conversations
disciplinary/grievance processes in place but not followed when the need arises
policies existing but not being followed
Step 2: Create a simple 30‑day plan
Keep it realistic:
Week 1: gather and centralise what you already have
Week 2: update the essentials (contracts/policies) to ensure they reflect the current situation
Week 3: agree the core processes (onboarding, absence, performance)
Week 4: create simple forms or processes to consistently capture and record key information: sickness/holiday etc
Week 5: develop template contracts and key letters for future use in a hurry
Week 6: using all the above brief managers /team leaders and set a simple “how we do it here” standard
Step 3: Make it easy to maintain
One place to store HR documents
One reminder in the diary to review annually
A quick sense‑check before hiring, promotions or restructures
The aim is not “perfect HR”. It’s clear foundations that help your people perform well and help you manage fairly and consistently.
FAQ
What does “HR compliance” mean for a small business?
It means having the right basics in place - documents, habits and records - so you employ people fairly and consistently and you can evidence what you did if you ever need to.
Do we need lots of HR policies to be compliant?
No. Most SMEs need a lean set of essential policies that cover the situations that come up most often: Disciplinary, Grievance, Equal Opportunities, Anti Harassment, Data Protection, Sickness Absence, Anti bribery and Whistleblowing – others can be added over time.
How often should we review HR documents?
It’s worth doing this annually – even if to simply confirm there’s no need for updates. And then any time your working arrangements, benefits or structure change.
What’s the most common compliance gap you see?
Usually it’s inconsistency (each manager’s approach differing), lack of knowledge or limited/no documentation - not bad intent.
If you’d like support
If you want a simple, practical sanity-check of your HR foundations - and a clear plan for what to prioritise - we can help you get it clear, lean and workable.
This is general guidance for UK employers. If you’re dealing with something live, the detail matters - get advice before taking action.
