It’s good to see you back again for part 4 of our Small Business HR Masterclass. Today we’re going to edge you gently into policies and procedures.
I can already feel the stifled yawns.
Yes, we get it – policies can be really boring, especially when the way you do business is all about challenging the status quo. Doing things differently. And rejecting traditional and old-fashioned business methodologies.
But the power of the policy prevails.
We have worked with SO MANY clients who have got themselves into a bit of a people pickle because they haven’t got certain policies and procedures, or they haven’t followed them correctly. And this has put their business at significant risk – from both a financial and reputation perspective.
Some policies are even a legal requirement, so read on and find out what you really need.
1. Disciplinary and grievance
You are legally obliged to have both a disciplinary and a grievance policy under the Employment Rights Act 1996. You’ll already know this though, because it was covered in our previous Masterclass on Terms and Conditions.
Employees have a right to receive information regarding the procedures around disciplinary issues or raising a grievance. And it is good practice to ensure that both of these policies comply with the ACAS Code of Practice. Employment tribunals also reserve the right to uplift compensation payments for employers who suffer a loss at tribunal and have failed to follow the ACAS Code of Practice.
It is often useful to outline how an investigation would take place too, for example. We often recommend including these steps to our clients, to ensure their policies are robust and fit for purpose. It also guides managers and breaks down the process, so it is easier to implement.
A basic policy is what is legally required of you, so if you don’t have one, this is a massive risk area for your business.
You can also add in additional clauses, which you may feel give you added protection. For example, some employers reserve a right not to apply their disciplinary procedure to employees who are in their probation period. This means – when done correctly – you can terminate a poor hire quickly.
2. Health and safety
Once you have 5 employees, you are legally required to have a health and safety policy.
This policy needs to set out and clearly explain your approach to health and safety.
It needs to cover every conceivable risk in your business. If you team are mainly in the office, are the cables a tripping hazard? If you have machinery, how do you stop Fred’s hand from getting mangled?
You need to provide practical details of the arrangements you have in place, and how they are monitored. For example, by regular risk assessment.
It is valuable to consider including other elements, which may prevent you from having to produce lots of separate policies. As an example, employees have a legal right to rest breaks. The provision for this is called the Working Time Directive, and it dictates a limit of weekly working hours, as well as break times.
3. Equal opportunities
Diversity and inclusion are hot topics in the world of business and HR right now.
And for good reason. For far too long, various communities have been excluded or faced barriers to opportunities in the workplace. Whether intentionally or not, it is important that these barriers are removed and that everyone has equal access to the workplace.
This is also the law, because it is illegal to discriminate – even indirectly or ‘by accident’ – against someone for a protected characteristic.
To be super clear – because this info is on a need-to-know basis – there are nine protected characteristics:
- Sex (or gender)
- Sexual orientation
- Pregnancy and maternity
- Race, including ethnicity, ethnic or national origin
- Religion
- Age
- Disability
- Gender reassignment
- Marriage (or civil partnership)
Having an equal opportunities policy sets out what measures you will take as an employer, to eliminate discrimination.
This could be by making reasonable adjustments to enable disabled employees to access the building. It could be by only having blind CVs and applications for your vacancies, so you aren’t judging someone – even unconsciously – by a particular characteristic.
It also sets out what you’ll do if there is a complaint that is in breach of the policy, e.g., a disciplinary procedure.
4. Antibribery
It is advisable to have an antibribery policy in place if there is a chance that an employee may be exposed to bribery. For example, if they work in a competitive sales role.
It’s also just good practice and means you commit to doing business ethically.
It can sometimes be a bit of a grey area, and an employee may not even realise they are the ‘victim’ of a bribe. They might, for example, receive a box of chocolates as a thank you from a client. However, this could be perceived as a gift in exchange for business, even if it is not crystal clear. And it can land you in hot water.
You’ll need to have a policy that is appropriate for the level of risk in your business. Generally, you need to cover:
- How you will reduce and control bribery risks in your organisation.
- Rules about accepting gifts, hospitality, and donations.
- Guidance on how you conduct business, e.g., contract negotiations.
- Measures you will take to avoid or prevent conflicts of interest.
Your policy needs to be written in conjunction with the Bribery Act 2010, and you need to comply with it. Failure to do so carries hefty penalties. These include unlimited fines for businesses and organisations, and up to 10 years imprisonment.
5. Data protection, and employee and job candidate privacy notices
Ok, so I’m squeezing a couple of policies into one point here. That’s just extra value!
These policies are closely linked, so it would make sense to have them all.
The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR). It dictates how someone’s personal information is used by organisations.
It is also incredibly strict. There are very specific rules to ensure that personal data is:
- Used fairly, lawfully, and transparently.
- Used for specific purposes.
- Only used as far as is necessary.
- Accurate and kept up to date.
- Kept only for as long as is necessary to do so.
- Processed and kept in a way that ensures its security. This includes protection against unlawful or unauthorised processing, access, loss, destruction, or damage.
There is even strong legal protection for sensitive data, which relates to an individual’s protected characteristics (as listed above). It also includes, but is not limited to, a person’s health status, genetics, political opinions, and biometric data.
We always advise our clients to specifically set out how they process the data of their employees in a separate policy. The same applies for job candidates.
Having a specific document in place for employees and job applicants means that your processes are well-thought out and considered. And if they are followed correctly, you will know what to do if a complaint is raised.
Employees also have a right to make a Subject Access Request (SAR), which means they can ask you what personal information you hold about them. The Information Commissioner’s Office (ICO) controls this process and there are specific timeframes in which you must respond to the request, as an employer. And if you don’t, you have to report it to them.
Infringement of the Data Protection Act 2018 – so breaching GDPR – in the UK carries a hefty fine. The maximum fine is £17.5 million, or 4% of annual global turnover, whichever is greater.
So, get it right first time!
For more information or if you have any questions about your policies and procedures, please do get in touch. Or why not add to the discussion on LinkedIn?
We also offer a free HR health check, which will highlight all of your business risk areas – including relating to these policies. Why not give us a shout?
Join us for the next and final instalment, where we will talk about onboarding new employees into your organisation.
In the meantime, please check out our HR Consultancy Birmingham.