ICO publishes new guidelines for employee monitoring at work

In 2022, the UK ICO released topic-specific guidance on employee monitoring. The guidance was published in draft form and is open to consultation until 11 January 2023. The ICO reviewed the Employment Practices Data Protection Code to reflect changes in the workplace and technological advances. The purpose of the guidance is to inform employers how they can comply with the UK GDPR and the Data Protection Act 2018.  Specifically, the guidance aims to provide regulatory certainty, protect workers’ data rights, help employers build trust with workers, customers, and service users and assist employers on how to balance their own interests with the workers’ rights in relation to their personal data.

guidelines proposed by the ICo 

  • Employers must make workers aware of the nature, extent, and reasons for the monitoring.
  • To lawfully collect and process information from monitoring workers, you must identify a specific lawful basis: consent, contract, legal obligation, vital interests, or public task.
  • Special category data is personal data revealing or concerning information about racial/ethnic origin, political opinion, religious beliefs, trade union membership, genetic data, health, sex life, or sexual orientation. This data is sensitive and therefore requires additional protection. If the planned monitoring records this kind of data, employers must have a special category condition in addition to a lawful basis, before monitoring starts.
  • Prior to monitoring, employers can consult workers on monitoring plans. Employers should also consider anyone else captured by monitoring plans, such as customers, members of the public or household members for at-home work.

The report also references the importance of transparency, fairness, and accountability. Employers should be clear with workers about how and why they are processing their information. In order to practise fairness, employers should only monitor workers in ways they would reasonably expect. Employers should be held accountable for complying with data protection laws and this should reflect in their monitoring practices.


Employers may monitor workers to meet regulatory obligations in the financial services industry. They should consider the changes work-from-home culture will have on employee monitoring and how this can impact family members of employees. Employers should also inform employees of how they will be monitored with detail and transparency.

next steps for firms

The guidance means that firms may have to update their employment handbooks and contracts. We can advise you on the best approach and assist with any queries on the guidance’s new requirements.

The guidance remains open for consultation. There are two online input forms available until 11 January 2023, which can be accessed here and here.

To access the ICO guidance, click here.

For more information or advice on the changing employee monitoring guidance, or for support in forming or updating employment handbooks or employment contracts, Cleveland & Co External in-house counsel™, your specialist outsourced legal team, are here to help.

Please click here to follow us on LinkedIn to receive the latest information on this and other important topics!



Leave a reply

Your email address will not be published. Required fields are marked *



We'd love to hear from you, please get in touch with us if you have any questions.


©2023 Cleveland & Co

Log in with your credentials

Forgot your details?