Policy Guides

In-depth explainers from the PolicySuite team. What each policy is, who needs one, what must be in it, how it maps to compliance frameworks, and the most common mistakes we see. Free, no signup.

Maintained by the PolicySuite team
Data Protection

Privacy Policy (UK GDPR + EU GDPR)

The 12 required elements under Art 13/14, the 7 most common ICO enforcement triggers, and what your policy must not omit.

 Information Security

Acceptable Use Policy (AUP)

Scope, required clauses, AI-tool coverage, monitoring boundaries, and how it ties to ISO 27001 and NIST CSF.

 IT Security

BYOD Policy

What to include when employees use personal devices — MDM, data separation, UK/EU worker-privacy constraints, enforcement.

 Security

Incident Response Plan

The 6 phases (NIST IR 800-61), roles, the 72-hour ICO clock, NIS2 and DORA timelines, and what auditors look for.

 Compliance

Data Retention Policy

UK GDPR's storage-limitation principle, statutory periods, defensible deletion, and how legal hold interacts with your schedule.

 HR & Employment

Essential HR Policies for UK Small Businesses

The ten HR policies every UK small business needs, with ACAS and statute citations, what's legally required, and what can wait.

 HR & Employment

Hiring Your First Employee in the UK

The founder's step-by-step checklist: HMRC, EL insurance, right-to-work, contract, policies, pensions, and the day-one paperwork pack.

 Free Tool

GDPR Readiness Assessment

15 questions, 5 minutes. Score your posture across Foundations, Rights, Breach, Processors and Governance.

Why these guides exist

Compliance is full of policies that are easy to name but hard to actually write. Templates float around the internet, most are out of date or miss clauses the ICO and auditors specifically look for. These guides cover what must be in each policy, citing the relevant UK/EU law and ISO/NIST control. If writing from scratch is still too much work, every guide ends with the exact PolicySuite pack that contains the policy pre-drafted for your jurisdiction and industry.

More guides are coming. If there's a specific policy you want covered, let us know.