Skip to main content
Forms Legal

Social Media Policy for Employees (England & Wales)

Social Media Policy for Employees

England & Wales — DPA 2018, UK GDPR & Employment Rights Act 1996

[Company Name]

[Company Street], [Company City], [Company Postcode]

SOCIAL MEDIA POLICY FOR EMPLOYEES

Effective Date: [Policy Date]

1. PURPOSE

1.1 This Social Media Policy (the "Policy") sets out the standards of conduct expected of all employees, workers, contractors, agency staff, and other individuals engaged by [Company Name] (the "Company") in relation to the use of social media, both in a professional capacity and in a personal capacity where conduct may affect the Company.

1.2 The purpose of this Policy is to: (a) protect the reputation, confidentiality, and intellectual property of the Company; (b) protect employees and third parties from harassment, discrimination, and defamation; (c) ensure compliance with applicable legislation, including the Data Protection Act 2018, the UK General Data Protection Regulation (UK GDPR), the Employment Rights Act 1996, the Equality Act 2010, the Defamation Act 2013, the Computer Misuse Act 1990, and the Regulation of Investigatory Powers Act 2000 (RIPA); (d) provide clear guidance on the use of company social media accounts; and (e) set out the consequences of breaching this Policy.

1.3 This Policy does not form part of any employee's contract of employment and may be amended by the Company from time to time. The most up-to-date version of this Policy will be made available to employees.

2. SCOPE

2.1 This Policy applies to all employees, workers, contractors, agency staff, volunteers, and any other person engaged by [Company Name], whether on a full-time, part-time, fixed-term, or temporary basis (collectively, "Personnel").

2.2 This Policy applies to the use of social media:

  • on company equipment (including computers, laptops, tablets, and mobile phones provided by the Company);
  • on personal equipment during working hours;
  • outside of working hours, where the conduct affects or has the potential to affect the Company, its employees, clients, or business relationships.

2.3 For the purposes of this Policy, "social media" means any online platform, application, or service that enables users to create, share, or interact with content, including but not limited to: [Platforms Covered].

3. DEFINITIONS

3.1 In this Policy, the following terms have the meanings set out below:

  • "Company social media accounts" means any social media account, page, profile, or channel operated in the name of the Company or on behalf of the Company.
  • "Personal social media accounts" means social media accounts created and maintained by Personnel for their own personal use.
  • "Confidential information" means any information that is not in the public domain and that the Company would reasonably wish to keep private, including but not limited to trade secrets, client and customer data, financial information, business strategies, and personnel information.
  • "Working hours" means the hours during which Personnel are contracted to work, including any overtime, whether at Company premises or elsewhere.
  • "Gross misconduct" has the meaning given in the Company's Disciplinary Procedure, which is available from the Human Resources department.

4. PERSONAL USE OF SOCIAL MEDIA DURING WORKING HOURS

4.1 The Company's position on personal social media use during working hours is as follows: personal social media use during working hours is [Personal Use Policy].

4.2 Where personal social media use is permitted on a limited basis, it must not interfere with an employee's ability to perform their duties, must not involve the use of company equipment unless otherwise authorised, and must at all times comply with this Policy.

4.3 Excessive personal social media use during working hours that affects productivity or performance may be addressed through the Company's performance management or disciplinary procedures.

5. PERSONAL ACCOUNTS — CONDUCT STANDARDS

5.1 When using personal social media accounts, Personnel must comply with the following guidelines:

[Personal Account Guidelines]

5.2 Personnel should be aware that content posted on personal social media accounts can be viewed by a wide audience and may be attributed to the Company. Even where a disclaimer is used (such as "views are my own"), content that is discriminatory, defamatory, or brings the Company into disrepute may still give rise to disciplinary action.

5.3 Under the Defamation Act 2013, an individual who publishes a defamatory statement about another person or organisation on social media may be personally liable for defamation. Personnel are personally responsible for content they publish on their personal social media accounts.

6. COMPANY SOCIAL MEDIA ACCOUNTS

6.1 Only the following authorised representatives of the Company may post content on official company social media accounts: [Authorised Posters].

6.2 All authorised Personnel posting on company social media accounts must comply with the following guidelines:

[Company Account Guidelines]

6.3 Approval process: [Approval Process]

6.4 Authorised Personnel who leave their role or whose authorisation is revoked must immediately cease to post on company social media accounts and must transfer any account credentials to the nominated successor or to the policy owner.

7. CONTENT GUIDELINES — PROHIBITED CONTENT

7.1 Personnel must not post, share, like, retweet, or otherwise engage with social media content that:

  • is discriminatory on the grounds of any protected characteristic under the Equality Act 2010 (including age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, religion or belief, sex, or sexual orientation);
  • constitutes harassment or bullying of a colleague, client, competitor, or any other individual;
  • is defamatory of any person or organisation within the meaning of the Defamation Act 2013;
  • discloses confidential information belonging to the Company, its clients, or its employees;
  • infringes the intellectual property rights of the Company or any third party, including copyright, trade marks, and database rights;
  • constitutes unauthorised access to or interference with computer systems contrary to the Computer Misuse Act 1990;
  • violates the privacy of any individual, including by sharing personal data without a lawful basis under the UK GDPR;
  • brings the Company, its clients, or its employees into disrepute; or
  • is otherwise unlawful.

7.2 Personnel should exercise particular caution when posting about ongoing legal matters, regulatory proceedings, or commercial negotiations, as such posts may prejudice the Company's legal position.

8. CONFIDENTIALITY AND TRADE SECRETS

8.1 The Company's confidentiality obligations apply to all social media activity. Personnel must adhere to the following:

[Confidentiality Reminder]

8.2 The duty of confidentiality survives the termination of employment and continues to apply after Personnel have left the Company, insofar as the information remains confidential.

8.3 The obligation not to disclose confidential information via social media is in addition to, and not in substitution for, any confidentiality obligations in the employee's contract of employment or any separate confidentiality agreement.

9. INTELLECTUAL PROPERTY

9.1 Any content created by Personnel in the course of their employment or engagement, including social media content created for the purpose of the Company's business, is the intellectual property of the Company pursuant to sections 11 and 215 of the Copyright, Designs and Patents Act 1988.

9.2 Personnel must not use the Company's name, logo, trade marks, or other intellectual property on personal social media accounts without express prior written authorisation from the Company.

9.3 When sharing third-party content on company social media accounts, Personnel must ensure that appropriate licences or permissions are in place and that copyright attributions are given where required.

10. MONITORING

10.1 [Monitoring Statement]

10.2 Any monitoring of Personnel's use of social media will be conducted in a proportionate manner and will be limited to what is necessary for the legitimate purposes of protecting the Company's business interests, ensuring compliance with this Policy, and preventing or detecting unlawful activity.

10.3 Personnel are reminded that their use of company IT systems, including internet access, is monitored in accordance with the Company's IT Acceptable Use Policy and in accordance with the Regulation of Investigatory Powers Act 2000 and the Data Protection Act 2018.

11. DATA PROTECTION

11.1 Personnel must comply with the Data Protection Act 2018 and the UK GDPR when using social media in a business context. This includes ensuring that:

  • personal data of clients, employees, or third parties is not shared on social media without a lawful basis under UK GDPR Article 6;
  • special category personal data (such as health data, racial or ethnic origin, or religious beliefs) is never disclosed on social media;
  • any requests from individuals to remove personal data from social media posts are handled in accordance with the Company's Data Protection Policy and the individual's rights under UK GDPR Articles 17 and 21;
  • photos, videos, or other media featuring identifiable individuals are not published without the consent of the individuals concerned.

11.2 Concerns about data protection in relation to social media activity should be reported to the Company's Data Protection Officer or the policy owner.

12. DISCRIMINATION AND HARASSMENT

12.1 The Company is committed to equal opportunities and maintaining a workplace free from discrimination, harassment, and bullying. These commitments extend to social media activity.

12.2 Under the Equality Act 2010, harassment is defined as unwanted conduct related to a protected characteristic that has the purpose or effect of violating a person's dignity, or of creating an intimidating, hostile, degrading, humiliating, or offensive environment for them. Social media posts that constitute harassment of a colleague, client, or third party on the basis of a protected characteristic may give rise to both disciplinary action and personal civil liability.

12.3 Personnel who experience or witness harassment or bullying via social media should report it to their line manager or the Human Resources department in accordance with the Company's Anti-Harassment and Bullying Policy.

13. DISCIPLINARY ACTION

13.1 [Disciplinary Consequences]

13.2 All disciplinary proceedings arising out of a breach of this Policy will be conducted in accordance with the Company's Disciplinary Procedure and the ACAS Code of Practice on Disciplinary and Grievance Procedures (2015). Employees have the right to be accompanied at any disciplinary or grievance hearing by a trade union representative or a workplace colleague pursuant to section 10 of the Employment Relations Act 1999.

13.3 Where a breach of this Policy also constitutes a criminal offence (for example, under the Computer Misuse Act 1990 or the Defamation Act 2013), the Company reserves the right to report the matter to the relevant authorities and to cooperate with any criminal investigation.

14. RESPONSIBILITIES

14.1 All Personnel are responsible for: reading, understanding, and complying with this Policy; completing any social media training provided by the Company; and reporting any concerns about potential breaches of this Policy to their line manager, the Human Resources department, or the policy owner.

14.2 Line managers are responsible for: ensuring that Personnel within their team are aware of and comply with this Policy; addressing any concerns or breaches of this Policy as they arise; and escalating serious concerns to the Human Resources department.

14.3 The policy owner ([Policy Owner]) is responsible for: maintaining and updating this Policy in response to changes in legislation, guidance, and best practice; providing training and guidance on social media use; investigating reported breaches of this Policy; and reporting to senior management on social media-related matters.

14.4 The Board of Directors or senior management are responsible for: approving this Policy and any material amendments; ensuring that adequate resources are allocated for social media governance; and setting the tone from the top regarding responsible social media use.

15. REVIEW

15.1 This Policy will be reviewed by [Policy Owner] no later than [Review Date], and thereafter at least annually, or sooner in the event of material changes to applicable legislation, regulatory guidance, or the Company's use of social media.

15.2 Personnel will be informed of any material changes to this Policy and will be asked to confirm their understanding and acceptance of the revised Policy.

15.3 Queries about this Policy should be directed to [Policy Owner] or to the Human Resources department.

16. APPROVAL

Policy Owner: [Policy Owner]

Approved By: [Approved By]

Date of Approval: [Approval Date]

Next Review Date: [Review Date]

Organisation: [Company Name]

Authorised Signatory

________________

Signature

Date: ________________

Maintained by Vladislav Sergienko, Founder·Template last modified: ·Report an error

What Is a Social Media Policy for Employees (England & Wales)?

A Social Media Policy for Employees in the United Kingdom sets out the standards, responsibilities, and procedures the organisation expects everyone to follow, and takes its legal force from the Employment Rights Act 1996.

The policy operates at the intersection of employment law, data protection law, defamation law, and criminal law. The Employment Rights Act 1996 requires employers to make clear the disciplinary standards expected of employees and the consequences of breaching them. The Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR) impose obligations on employers to prevent unauthorised disclosure of personal data, including disclosure via social media. The Equality Act 2010 imposes vicarious liability on employers for harassment committed by their employees, including harassment via social media. The Defamation Act 2013 makes individual employees personally liable for defamatory statements published on social media. The Computer Misuse Act 1990 criminalises unauthorised access to computer systems, including social media accounts.

A Social Media Policy typically addresses two distinct contexts. The first is professional use: the management of official company social media accounts, including who is authorised to post, what approval processes must be followed, what content standards apply, and how complaints and negative comments should be handled. The second is personal use: the standards expected of employees when using their own personal social media accounts, particularly where posts identify the individual as an employee of the organisation or where posts could affect the employer's reputation, its clients, or its colleagues.

The ACAS guidance on social media in the workplace, published by the Advisory, Conciliation and Arbitration Service, recommends that employers develop a dedicated Social Media Policy that is clearly communicated to all employees and consistently enforced. ACAS guidance notes that social media-related disciplinary cases have increased significantly in recent years, and that employers without a clear policy are at a substantial disadvantage when defending Employment Tribunal claims arising from social media disputes.

The legal framework governing the Social Media Policy for Employees (England & Wales) in United Kingdom draws on several key statutes and regulatory bodies. Under the Companies Act 2006, Companies House maintains the register of UK companies. Section 386 of the Companies Act 2006 sets accounting record obligations. The Competition and Markets Authority (CMA) enforces the Consumer Rights Act 2015. The Financial Conduct Authority (FCA) regulates financial services under the Financial Services and Markets Act 2000. The High Court of Justice has jurisdiction under the Senior Courts Act 1981. Parties executing a Social Media Policy for Employees (England & Wales) in United Kingdom should confirm the document reflects current law, including any amendments enacted since the original drafting date. The Companies Act 2006 sets the foundational requirements.

When Do You Need a Social Media Policy for Employees (England & Wales)?

Every employer in England and Wales that employs staff should have a Social Media Policy, regardless of the size of the organisation or the sector in which it operates. The need for a Social Media Policy has become more acute as social media platforms have proliferated and as the boundary between personal and professional life has become increasingly blurred in the digital age.

You need a Social Media Policy if your organisation uses social media for marketing, communications, or customer engagement. Official company accounts on platforms such as LinkedIn, Facebook, Instagram, Twitter/X, YouTube, or TikTok create legal and reputational risks that must be managed through clear governance structures. Designating who can post, what approval processes must be followed, and what content standards apply is essential to prevent inadvertent disclosure of confidential information, breaches of advertising standards, copyright infringement, or defamatory publication.

You need a Social Media Policy if your employees use social media for any work-related purpose. Even employees who do not have responsibility for official company accounts may use LinkedIn to represent the organisation professionally, discuss work matters on Twitter/X or Facebook, or use social media to communicate with clients or colleagues. Each of these activities creates risk that must be managed through a policy that clearly delineates acceptable and unacceptable conduct.

You need a Social Media Policy if you have experienced or wish to prevent social media-related incidents. These include: an employee posting derogatory or discriminatory comments about a colleague, competitor, or client; an employee disclosing confidential business information or client data on social media; a former employee continuing to access company social media accounts after their employment has ended; an employee publishing defamatory statements that expose the company to reputational and legal risk; or an employee accessing a colleague's social media account without authorisation, potentially in breach of the Computer Misuse Act 1990.

You need a Social Media Policy if you wish to monitor employee use of IT systems. Under the Regulation of Investigatory Powers Act 2000 and the UK GDPR, employees must be informed of any monitoring before it takes place. A Social Media Policy provides the appropriate notice to employees and forms part of the lawful basis for monitoring under the UK GDPR's legitimate interests ground.

The Employment Tribunal has upheld social media-related dismissals in a wide range of circumstances, but only where the employer can demonstrate that the employee was on clear notice of the standards expected and the potential consequences of breaching those standards. A Social Media Policy provides that notice.

What to Include in Your Social Media Policy for Employees (England & Wales)

A well-drafted Social Media Policy for Employees in England and Wales should contain several essential components that address the principal legal risks and workplace scenarios.

The scope clause defines which individuals the policy applies to (employees, workers, contractors, agency staff) and which activities it covers (use of social media on company equipment, during working hours, and on personal accounts where conduct affects the employer). Limiting the scope to working hours only is no longer sufficient given that Employment Tribunals regularly uphold dismissals for out-of-hours social media conduct where the posts affect the employment relationship.

The personal use section addresses the employer's position on employee use of personal social media accounts during working hours — whether this is prohibited, limited to breaks only, or unrestricted subject to productivity obligations — and sets out the conduct standards that apply to personal social media activity at all times.

The company accounts section identifies who is authorised to post on official company accounts, sets out the approval process for content before publication, specifies the content standards that apply, and addresses the transfer of account credentials when an authorised user leaves their role.

The prohibited content clause is one of the most legally important elements of the policy. It should expressly identify the types of content that are prohibited, with specific reference to the relevant legislation: discriminatory content contrary to the Equality Act 2010; defamatory content contrary to the Defamation Act 2013; content disclosing confidential information or personal data without a lawful basis; and content that involves unauthorised access to computer systems contrary to the Computer Misuse Act 1990.

The confidentiality clause reinforces the employee's contractual confidentiality obligations in the social media context and makes clear that these obligations survive termination of employment. Reference to the employee's contract of employment and any separate non-disclosure agreement is important to create clear linkage.

The monitoring clause informs employees of the employer's right to monitor social media use on company IT systems, the legal basis for monitoring, and the proportionate approach the employer will take. This is essential to comply with the Regulation of Investigatory Powers Act 2000 and the UK GDPR requirement to inform data subjects of processing activities.

The data protection clause reinforces UK GDPR obligations in the social media context: employees must not share personal data of clients, employees, or third parties on social media without a lawful basis, and must not publish photographs or videos featuring identifiable individuals without consent.

The disciplinary consequences clause sets out the potential sanctions for breach of the policy, up to and including summary dismissal for gross misconduct. This section must be aligned with the employer's formal Disciplinary Procedure and the ACAS Code of Practice, and should identify specific examples of gross misconduct in the social media context to give employees clear guidance.

The responsibilities section allocates accountability across different levels of the organisation: all employees, line managers, the policy owner, and senior management. This allocation of responsibility is essential for demonstrating to an Employment Tribunal that the employer took all reasonable steps to prevent policy breaches. The forms-legal.com Social Media Policy for Employees (England & Wales) template covers the mandatory elements under Companies Act 2006.

Cite this page

Reference this free template in an article, syllabus, or research note:

APA

Forms Legal. (2026). Social Media Policy for Employees (England & Wales) (United Kingdom) [Legal document template]. Forms Legal. https://forms-legal.com/uk/business/policies/social-media-policy-uk

MLA

"Social Media Policy for Employees (England & Wales) (United Kingdom)." Forms Legal, 2026, https://forms-legal.com/uk/business/policies/social-media-policy-uk.

BibTeX
@misc{formslegal-social-media-policy-uk,
  author       = {{Forms Legal}},
  title        = {Social Media Policy for Employees (England & Wales) (United Kingdom)},
  year         = {2026},
  howpublished = {\url{https://forms-legal.com/uk/business/policies/social-media-policy-uk}},
  note         = {Free legal document template. Based on Companies Act 2006}
}

Also available for these jurisdictions:

United StatesUnited StatesCanadaCanadaAustraliaAustraliaNew ZealandNew Zealand

Frequently Asked Questions

Based on Companies Act 2006 — Template last modified June 2026Verify the source →

This template is provided for informational purposes only and does not constitute legal advice. Laws vary by jurisdiction and change over time. Consult a qualified attorney for advice specific to your situation.Full disclaimer

Found an error? Let us know

Related Documents

You may also find these documents useful:

Employee Handbook Acknowledgment (England & Wales)

Document that your employees have received, read, and understood your Employee Handbook with this Acknowledgment form drafted for England and Wales. This template covers the key policies that every UK employer should include — disciplinary and grievance procedures aligned with the ACAS Code of Practice, equal opportunities under the Equality Act 2010, health and safety obligations under the Health and Safety at Work Act 1974, data protection under the UK GDPR, and whistleblowing protection under the Public Interest Disclosure Act 1998. Includes an express statement that the handbook is non-contractual unless otherwise stated.

Privacy Policy (UK)

Create a detailed UK Privacy Policy compliant with the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018. This template covers data controller identification, ICO registration, lawful bases for processing, data subject rights, cookies under PECR, international data transfers, data retention, and breach notification. Suitable for websites, apps, and online services operating in England and Wales. Fill in your organisation's details, preview in real time, and download as PDF or Word.

Non-Disclosure Agreement (NDA) (UK)

Protect your confidential business information in England and Wales with a legally sound Non-Disclosure Agreement. Whether you are sharing trade secrets with a prospective partner, disclosing proprietary technology to a developer, or presenting financial projections to a potential investor, a properly drafted UK NDA keeps your sensitive information under strict legal protection. Our template is drafted in accordance with English common law and incorporates the key provisions required for enforceability in England and Wales.

Employment Contract (England & Wales)

Hiring someone in England or Wales? You are legally required to give them a written statement of employment particulars on or before their first day of work. Our UK Employment Contract template meets all requirements of the Employment Rights Act 1996 and covers working hours, salary, holiday entitlement, notice periods, pension auto-enrolment, confidentiality, and optional restrictive covenants. Download as PDF or Word in minutes.

Data Processing Agreement — UK GDPR (England & Wales)

Create a Data Processing Agreement (DPA) fully compliant with UK GDPR Article 28 and the Data Protection Act 2018 for England and Wales. This template covers all mandatory Article 28(3) processor obligations, ICO registration, sub-processor authorisation with prior notice, UK IDTA provisions for international transfers outside the UK, technical and organisational security measures under Article 32, personal data breach notification timelines, data subject rights assistance, DPIA support, audit rights with advance notice, and data deletion or return obligations. Includes controller ICO registration details, special category data provisions, and automatic termination with the principal services agreement. Governing law: England and Wales. Download as PDF or Word.