January 2026

UK Employee Handbook Checklist: The 12 Policies Startups Get Wrong (or Miss Completely)

HR Handbook Team
Employment Law Experts


Most startup handbooks look fine — until they're tested.


A founder thinks they're covered because they downloaded a template in 2022 and filled in the company name. Then someone goes on long-term sick leave. Or raises a grievance. Or questions whether they're being treated fairly. And suddenly, that handbook doesn't hold up.


The triggers are always the same: disputes, sickness, poor performance, exits. The outcomes? Employment tribunals, legal fees, and reputational damage that's hard to recover from.


This checklist covers the 12 policies UK startups commonly get wrong (or miss entirely). Use it as a self-audit. If you tick fewer than 10, your handbook isn't fit for purpose.

The 12 Policies UK Startups Get Wrong

✅ 1. Disciplinary & Grievance (Not ACAS-Aligned)

The mistake:


Using a generic template that doesn't follow the ACAS Code of Practice. Or worse, making it up as you go.

Why it matters:


If you don't follow ACAS procedures in a disciplinary or grievance case, an employment tribunal can increase any compensation award by up to 25%. It's the first thing tribunals check.

What you need:


A clear process that covers:

  • Informal resolution first
  • Written notice of any allegations
  • Right to be accompanied
  • Investigation before any decision
  • Appeal rights
Red flag: Your policy says "we reserve the right to dismiss without warning." (You can't. Even gross misconduct requires a process.)

✅ 2. Sick Leave vs SSP Confusion

The mistake:


Confusing company sick pay with Statutory Sick Pay (SSP), or not covering either properly.

Why it matters:


Employees are entitled to SSP after 4 days of sickness (£116.75/week as of 2026). Many startups assume they have to pay full salary — they don't. But if your handbook says "we offer sick pay" without clarifying what that means, you've just made it contractual.

What you need:


Clear distinction between:

  • SSP: statutory minimum (usually paid after 4 qualifying days)
  • Company sick pay: anything above SSP that you choose to offer
  • What evidence you need (fit note after 7 days)
  • Return to work processes
Red flag: Your handbook says "sick pay is discretionary" but doesn't explain how or when it's paid.

✅ 3. Holiday Approval Ambiguity

The mistake:


Vague wording like "holiday requests are subject to approval" without explaining how approval works, who decides, or what happens if requests clash.

Why it matters:


Annual leave is a legal right. You can control when employees take it, but you can't arbitrarily deny it. If your policy is too loose, you lose control. If it's too strict, you breach statutory entitlement.

What you need:
  • Minimum notice period for requests (e.g., 2x the length of leave requested)
  • How you handle clashes (first-come-first-served vs operational needs)
  • Rules around Christmas, bank holidays, and busy periods
  • What happens to unused leave at year-end (use-it-or-lose-it is legal in the UK if clearly communicated)
Red flag: No mention of statutory leave (28 days including bank holidays minimum) or what "pro-rata" means for part-timers.

✅ 4. Remote Working & DSE Gaps

The mistake:


No remote work policy in 2026. Or a policy that says "we support flexible working" but doesn't cover equipment, health & safety, or what "remote" actually means.

Why it matters:


If employees work from home, you're legally responsible for their health and safety under the Health and Safety at Work Act 1974. That includes DSE (Display Screen Equipment) assessments, ergonomic setup, and mental health support.

What you need:
  • Where employees can work from (UK only? Abroad for short periods?)
  • Equipment provided (laptop, monitor, chair?)
  • DSE assessment process (even if it's a self-assessment form)
  • Expense reimbursement (broadband, electricity, coworking space?)
  • Core hours and timezone expectations
  • Data security requirements (VPN, locking screens, etc.)
Red flag: Your policy says "work from anywhere" but has no mention of tax implications, work permits, or insurance.

✅ 5. Equality Policy Copied from US Templates

The mistake:


Using a US-based template that references "Title VII," "ADA," or "EEOC" instead of UK law.

Why it matters:


The UK has the Equality Act 2010, which protects 9 protected characteristics. US law is different (and doesn't include some UK protections like age discrimination for under-40s). If your policy references the wrong legislation, it's useless.

What you need:


A UK-compliant equality policy covering:

  • The 9 protected characteristics (age, disability, gender reassignment, marriage/civil partnership, pregnancy/maternity, race, religion/belief, sex, sexual orientation)
  • Direct and indirect discrimination
  • Harassment and victimization
  • How to raise concerns
  • What happens if someone breaches the policy
Red flag: Your policy mentions "EEOC complaints" or "at-will employment." Instant giveaway.

✅ 6. No Probation or Unclear Probation Rules

The mistake:


No probation period policy. Or a policy that says "probation is 3 months" but doesn't explain what happens during it.

Why it matters:


Employees gain full unfair dismissal rights after 2 years of service (in most cases). During probation, you have more flexibility to part ways if you follow a fair process. But probation isn't a free pass — you still need a reason and a process.

What you need:
  • Length of probation (typically 3–6 months)
  • What "passing probation" means (performance standards, review meetings)
  • Notice period during probation (shorter than post-probation)
  • Extension process if someone isn't hitting standards
  • How dismissal during probation works (still requires fairness)
Red flag: Your contracts mention probation, but your handbook doesn't. (They should match.)

✅ 7. Vague Performance Management

The mistake:


No performance management policy, or one that says "we do annual reviews" without explaining what happens if someone underperforms.

Why it matters:


If you need to manage someone out for poor performance, you need evidence of a fair process. "We just didn't think they were a good fit" won't hold up at tribunal.

What you need:
  • How often reviews happen (quarterly, annual)
  • What good performance looks like
  • What happens if someone underperforms (informal feedback → formal PIP → potential dismissal)
  • Documentation requirements
  • Support offered (training, coaching, adjusted targets)
Red flag: Your policy says "we can dismiss for poor performance at any time." (You can't — you need a fair process.)

✅ 8. Missing Data Protection Responsibilities

The mistake:


No GDPR policy, or one that only covers customer data (not employee data).

Why it matters:


Employees are data subjects under GDPR. You're processing their personal data (name, address, bank details, performance records). If you don't handle it correctly, you're non-compliant — and the ICO can fine you.

What you need:
  • What data you collect and why
  • How long you keep it (GDPR requires you to delete data when it's no longer needed)
  • Employee rights (access requests, rectification, deletion)
  • Data security measures
  • What happens if there's a breach
Red flag: Your policy says "we take data seriously" but has no specifics on retention, access requests, or breach procedures.

✅ 9. No Social Media Guidance

The mistake:


No policy on social media use, or a policy that tries to ban employees from mentioning the company online.

Why it matters:


Employees can (and will) post about work. You can't ban it outright — but you can set boundaries around confidentiality, brand representation, and professional conduct.

What you need:
  • Personal vs professional accounts (clarify expectations)
  • What's confidential (customer data, financials, product roadmaps)
  • How to handle negative comments or disputes
  • Brand guidelines if employees want to mention the company
  • Consequences for breaches
Red flag: Your policy says "employees must not use social media." (Unenforceable and likely unlawful.)

✅ 10. No Confidentiality / IP Clarity

The mistake:


No confidentiality policy, or no clarity on who owns IP (intellectual property) created during employment.

Why it matters:


If an employee leaves and starts a competing business using your customer list or codebase, you need a written policy that says they can't. Without it, you're relying on implied terms — which are harder to enforce.

What you need:
  • What's considered confidential (customer data, financials, product plans, code)
  • IP ownership (anything created during employment belongs to the company)
  • Return of property on termination (laptop, phone, access credentials)
  • Restrictions after leaving (non-compete, non-solicitation — but be careful, these are hard to enforce in the UK)
Red flag: Your policy says "employees must keep everything confidential forever." (Too broad — won't hold up.)

✅ 11. No Flexible Working Reference

The mistake:


No policy on flexible working requests, or a policy that says "we don't offer flexible working."

Why it matters:


Since April 2024, all employees have the right to request flexible working from day one. You can refuse, but you need a valid business reason. If your handbook says "we don't do flexible working," you're setting yourself up for claims.

What you need:
  • How to request flexible working (written request, details required)
  • How quickly you'll respond (2 months maximum)
  • Valid reasons for refusal (cost, impact on performance, inability to reorganize work)
  • Appeal process
Red flag: No mention of the Flexible Working Act 2023, or a blanket "no remote work" policy.

✅ 12. No Version Control or Change Log

The mistake:


No "last updated" date, no version history, no process for communicating changes.

Why it matters:


If you update a policy (e.g., change annual leave entitlement), employees need to know. If you don't communicate changes properly, they're not enforceable. Tribunals will ask "when did this policy come into effect?" If you don't know, you lose credibility.

What you need:
  • Version number and date on every policy page
  • Change log at the front of the handbook
  • Communication process when policies change (email, team meeting, acknowledgment required)
Red flag: Your handbook was last updated in 2021 and still references furlough.

Red Flags That Your Handbook Isn't Fit for Purpose


Quick diagnostic. Your handbook is risky if:


❌ It was written more than 18 months ago without review
❌ It mentions benefits you no longer offer (free lunch, gym membership, that ping-pong table you sold on eBay)
❌ It doesn't reflect how your team actually works (says "9-5 office-based" when you're fully remote)
❌ There's no acknowledgment process (employees haven't confirmed they've read it)
❌ It uses US terminology ("401k", "PTO", "at-will employment")

Quick Self-Check: Is Your Handbook Risky?


Answer these 5 questions:

  • Does your disciplinary policy follow the ACAS Code? (Yes / No / Don't know)
  • Do you have a written remote working policy that covers health & safety? (Yes / No)
  • Is your equality policy UK-compliant (references Equality Act 2010)? (Yes / No)
  • Can you name the date your handbook was last updated? (Yes / No)
  • Have all employees acknowledged they've read the current version? (Yes / No)

Score:

  • 5/5 Yes: You're in good shape (but still worth a professional review)
  • 3-4 Yes: You're okay, but gaps need fixing
  • 0-2 Yes: Your handbook is a liability

Next Step: Upload and Check in 30 Seconds

Don't guess. Upload your handbook to our free compliance checker and see exactly what's missing, what's risky, and what's outdated.

No signup. No spam. No storing your data.
