If you’re running a small business, “HR policies” can feel like one of those things you’re supposed to have, but nobody quite explains what’s actually essential.

We often see two extremes:

• A business with no policies at all, relying on good intentions and informal chats.

• A business with a bulky handbook, downloaded years ago, full of policies and clauses that don’t fit how the team actually works.

Neither is ideal.

In practice, most UK small businesses need a small set of clear, usable policies that do three things:

1. Set expectations (so people know what “good” looks like)

2. Help managers handle situations consistently

3. Protect the business when something gets sensitive, uncomfortable or needs to go formal

This blog breaks down a sensible policy set for most UK SMEs: the essentials, plus a few add-ons depending on how your business operates.

This post focuses on: which HR policies are worth having in place (and why), so your policy set stays lean and usable.

If you want:

• the plain-English overview of HR compliance (documents, habits and records), read Small Business HR Compliance in Plain English

• a tick‑box audit you can run quickly, read A Practical HR Compliance Checklist for UK SMEs

• help getting contracts right from the start, read Employment Contracts for UK Small Businesses: What to Include and Why

What we mean by “mandatory”

A quick note before we get into lists.

Some policies are legally required in a straightforward way. Others aren’t “mandatory” in the sense of you must have a document called X, but you are still expected to have a fair process and to be able to show what you did.

So when we say “mandatory”, we mean:

• policies you should have because the law requires you to communicate or follow a process or

• policies that are effectively essential because they reduce risk and demonstrate fairness

Either way, the goal isn’t to create paperwork. It’s to make sure you can run the people side of your business confidently.

The essentials: the policies most small businesses should have

If you only take one thing from this blog, make it this: you do not need dozens of policies.

You need the right ones, written in plain English, aligned with how you operate and easy to find.

1) Anti-harassment and bullying policy

This sets the tone for what behaviour is and isn’t acceptable and gives people a clear route to raise concerns.

A practical version covers:

• what harassment and bullying look like in everyday terms, including sexual harassment

• how someone can report a concern

• what happens next (and how confidentiality is handled)

Why it matters: issues in this area can escalate quickly if leaders aren’t confident about what to do

2) Equal opportunities policy

You don’t need “corporate” wording to be clear about fairness and non‑discrimination.

A small-business policy should be plain and specific:

• what you expect from everyone

• how decisions are made fairly (recruitment, promotion, pay, training)

• what happens if someone raises a concern

Why it matters: it supports inclusion and helps you respond appropriately if something happens. Not to mention Tribunal claims accounted for around 50% of claims in the year to March 2025.

3) Disciplinary policy

Even in a small team, you need a clear approach to conduct and behaviour issues.

A good disciplinary policy doesn’t need legal language. It needs:

• what happens first (informal conversation and support)

• when it becomes formal

• who is involved

• how decisions are made and recorded

• how outcomes can be challenged

Why it matters: consistency protects relationships as well as the business.

4) Grievance policy

If someone has a complaint, you need a clear route for raising it and a fair way to handle it.

A practical grievance policy should cover:

• how concerns are raised

• how you’ll investigate

• how decisions are communicated and can be challenged

Why it matters: a fair grievance process can stop issues becoming bigger than they need to be – and ideally get resolved before they become a formal matter anyway.

5) Sickness absence policy

Absence is one of the most common areas where small businesses become inconsistent.

A useful policy answers:

• how team members report absence

• what managers do next

• when you’ll ask for medical evidence

• how you’ll stay in touch

• what support looks like

This isn’t about being strict. It’s about avoiding the “nobody knows what’s happening” feeling that can build quickly… and showing genuine care in difficult circumstances. Plus, it helps managers know when to trigger a conversation about short-term absences before they become a significant drain.

6) Holiday policy

Holiday entitlement exists regardless, but confusion around booking, carry-over and approval causes friction.

A simple holiday policy covers:

• how to book time off

• notice expectations

• busy periods/blackout dates (if relevant)

• carry-over rules

7) Data protection/employee privacy approach

You hold personal data about your employees: pay details; absence notes; emergency contacts; performance notes; recruitment records. That needs to be handled with care.

This is often positioned as “protecting employees” (which it is) but it also protects you as the employer.

A clear approach to employee data helps you to:

• reduce the risk of a data breach (and the cost, distraction and reputational impact that comes with it)

• respond confidently if someone asks to see their data (for example, as part of a complaint, a grievance or a subject access request)

• avoid informal “data sprawl” where sensitive information ends up in inboxes, WhatsApp messages or personal folders

• keep performance and conduct records fair, factual and appropriate

You don’t necessarily need a lengthy “GDPR policy” document, but you do need:

• a clear employee privacy notice (or section)

• a practical approach to storing, accessing and sharing HR information

• clear boundaries on what managers should (and shouldn’t) record and where it should be kept

In plain terms: keep it secure; keep it limited; keep it professional - and keep it in one place you can actually manage.

8) Whistleblowing policy

A whistleblowing policy gives people a safe way to raise serious concerns in the public interest.

While it’s not legally required for every small business to have a stand‑alone policy, it’s a strong signal of good governance and an ethical stance and can help you deal with issues early and appropriately. (People are protected by law when they make a qualifying disclosure.)

A practical policy covers:

• the type of concerns that count as whistleblowing

• how to raise a concern (including options for confidentiality)

• how you’ll respond and protect the individual

9) Anti-bribery policy

Not every small business faces the same bribery risk, but many do without realising it (think: procurement, gifts/hospitality, suppliers, introducers, public sector contracts, overseas work).

A sensible anti‑bribery policy doesn’t have to be long. It should be proportionate to the risk and clear about:

• gifts and hospitality

• conflicts of interest

• reporting concerns

• what happens if boundaries are crossed

A special case: health and safety

Health and safety is often overlooked in office-based businesses because it doesn’t feel like a risk but employers still have responsibilities.

We’re not health and safety specialists. What we can do is help you put a basic, office-based policy in place as a sensible starting point and we’ll always flag where your environment or activities suggest specialist input would be wiser.

As a rule of thumb: every business should have a clear approach to managing health and safety and if you employ five or more people, you must have a written health and safety policy.

If your environment is office-based, a straightforward policy and basic arrangements can often cover what you need. If your work is higher‑risk (e.g., manufacturing, construction, certain field work), specialist advice is usually sensible.

Add-ons that can be useful (depending on how you work)

Policies can be helpful, but they shouldn’t become clutter.

A useful test question is: will this help your people do their best work? If it won’t improve clarity, consistency or capability, it may be noise rather than support.

These add-ons are useful when relevant:

• flexible working/hybrid or remote working

• probation and performance expectations (support, check‑ins, clarity)

• code of conduct/standards of behaviour

• family leave summaries (maternity, paternity, shared parental leave)

• expenses and travel

• bonus/commission

• training and development

• social media (especially if brand reputation is sensitive)

What “good” policies look like in a small business

A policy can be legally sound and still fail in practice if nobody uses it.

Here are the markers of policies that actually work:

• Plain English (someone should be able to read it once and understand it)

• Aligned to how you operate (hours, flexibility, team structure, decision-making)

• Consistent (the policy matches what managers actually do)

• Easy to find (one place, not a PDF saved on someone’s desktop)

• Owned (everyone knows who to ask if they’re unsure)

If you have a team of managers, it’s also worth giving them a short “manager briefing” – the practical steps, not the theory.

Common mistakes we see (and how to avoid them)

Mistake 1: Downloading a template and never tailoring it

Templates can be a useful starting point, but if a policy doesn’t match how you operate, it becomes a risk.

Mistake 2: Having lots of policies, but not the right ones

We often see businesses with pages of policy content, but no clear absence approach, no whistleblowing route and a vague disciplinary/grievance process - which are exactly the areas that tend to get stressful.

Mistake 3: Policies exist, but managers don’t follow them

This is where inconsistency creeps in. A short manager briefing (and a simple checklist) can change everything.

Mistake 4: Policies are stored in too many places

If your policies live across email, shared drives and folders that only one person can access, they aren’t usable.

Aim for: one clear home, version control and a quick “where to find it” link.

A simple way to build your policy set (without overwhelm)

If you feel behind, don’t try to do it all at once.

Step 1: Start with the essentials

• anti-harassment and bullying

• equal opportunities

• disciplinary

• grievance

• holiday

• sickness absence

• data protection/privacy

• whistleblowing

• anti-bribery

Step 2: Add what creates clarity for your day‑to‑day

• probation/performance expectations

• flexible/hybrid working

• code of conduct

• family leave summaries

Step 3: Keep it current

Set a simple reminder to review policies once a year and whenever you:

• change working arrangements

• grow headcount

• introduce new benefits or pay structures

Small updates done regularly beat major rewrites done under pressure.

FAQ

Do we need a full HR handbook?

Usually not. Most small businesses do best with a lean policy set that people actually read and managers actually use.

Can we just use a template?

Templates are a starting point, not an answer. If your policy doesn’t match how you run the business, it won’t protect you when you need it.

How many policies should we have?

Enough to cover your core risks and day‑to‑day clarity, but not so many that your team switches off.

Where should policies be stored?

In one place that’s easy to access and properly controlled. Policies that are hard to find tend not to be followed.

How often should policies be reviewed?

At least annually and any time your working arrangements or structure change.

If you’d like support

If you want a straightforward way to check whether your policies are the right ones – and whether they match how your managers actually operate – we can help you get it clear, lean and usable.

This is general guidance for UK employers. If you’re dealing with something live, the detail matters - get advice before taking action.