
UK HR Compliance Checklist 2025/2026: What Every Employer Must Know

A comprehensive UK HR compliance checklist covering GDPR, right to work checks, pension auto-enrolment, minimum wage, statutory leave, and the Employment Rights Bill 2025. Key deadlines and requirements for every employer.

Rachel Richardson

Head of Growth & Marketing, Grove HR

Updated 22 March 2026 | 16 min read

UK employment law is a moving target. Between the Employment Rights Bill working its way through Parliament, annual minimum wage increases, tax threshold changes, and evolving GDPR guidance, staying compliant requires constant attention. Getting it wrong is expensive: the average employment tribunal award for unfair dismissal in 2025 was over £13,000, and GDPR fines can reach 4% of global turnover.

This guide provides a practical compliance checklist that every UK employer should work through, covering the key legal obligations and upcoming changes for 2025/2026.

Right to Work Checks

Every UK employer must verify that each employee has the legal right to work in the UK before they start employment. Failure to conduct proper checks can result in a civil penalty of up to £60,000 per illegal worker (increased from £45,000 in February 2024).

How to Conduct Right to Work Checks

For British and Irish citizens:

  1. Obtain the original document (passport, birth certificate with NI number)
  2. Check the document is genuine, belongs to the person, and allows them to do the work in question
  3. Make a clear copy (scan or photograph) and record the date you made the check
  4. Keep the copy securely for the duration of employment and 2 years after employment ends

For non-British/Irish nationals:

  • Use the Home Office online right to work checking service at gov.uk
  • The employee provides a share code
  • You verify their right to work status online
  • Save the digital profile page as your record

For those with time-limited permission:

  • Set a diary reminder to repeat the check before their permission expires
  • If their status changes, you may need to end their employment (seek legal advice first)

Common Mistakes

  • Conducting checks after employment has started (must be before day one)
  • Accepting photocopies instead of originals
  • Not recording the date of the check
  • Not repeating checks for time-limited permissions
  • Treating some nationalities differently (this is discrimination)

GDPR and Data Protection

The UK GDPR (retained from EU law) and the Data Protection Act 2018 govern how employers collect, store, and process employee personal data. The Information Commissioner's Office (ICO) enforces compliance.

Key Obligations for Employers

Lawful basis for processing:

  • Employment contract (performance of a contract)
  • Legal obligation (tax, right to work, pension)
  • Legitimate interests (performance management, security)
  • Consent (only where genuinely freely given — rarely appropriate in employment)

Employee data you are likely to hold:

  • Personal details (name, address, date of birth, NI number)
  • Bank details (for payroll)
  • Health information (sickness records, occupational health reports)
  • Performance records (reviews, disciplinary records)
  • Recruitment data (applications, interview notes, references)

What you must do:

  • Issue a privacy notice to all employees explaining what data you collect, why, how long you keep it, and their rights
  • Maintain a Record of Processing Activities (ROPA) documenting all personal data processing
  • Implement appropriate security measures (encryption, access controls, secure storage)
  • Conduct Data Protection Impact Assessments (DPIAs) for high-risk processing (e.g. employee monitoring)
  • Appoint a Data Protection Officer if required (mandatory for public authorities and some large-scale processors)
  • Report data breaches to the ICO within 72 hours if they pose a risk to individuals
  • Respond to Subject Access Requests (SARs) within one month
  • Establish data retention policies — do not keep data longer than necessary

Data Retention Periods

Data Type | Recommended Retention | Legal Basis
Payroll records | 6 years after tax year | HMRC requirements
Sickness records | Duration of employment + 3 years | Limitation Act
Recruitment records (unsuccessful) | 6 months after decision | ICO guidance
Disciplinary records | Duration of employment + 1 year | Best practice
Training records | 6 years after employment ends | Health & Safety
Right to work documents | Duration of employment + 2 years | Immigration Act

Pension Auto-Enrolment

Since 2018, all UK employers must automatically enrol eligible workers into a workplace pension scheme.

Who Must Be Enrolled

Category | Age | Earnings | Auto-Enrol?
Eligible jobholder | 22 to State Pension age | Over £10,000/year | Yes — automatically
Non-eligible jobholder | 16–21 or SPA–74 | Over £10,000/year | No — but can opt in
Entitled worker | 16–74 | Under £10,000/year | No — but can opt in

Minimum Contribution Rates (2025/2026)

 | Employer Minimum | Employee Minimum | Total Minimum
Current rates | 3% | 5% | 8%

Contributions are calculated on qualifying earnings between £6,240 and £50,270 per year (2025/26 thresholds).

Employer Duties

  • Choose a pension scheme and register with The Pensions Regulator
  • Assess all workers at each pay period
  • Auto-enrol eligible workers within 6 weeks of their start date (or when they become eligible)
  • Process opt-outs correctly (refund contributions within 1 month)
  • Re-enrol opted-out workers every 3 years
  • Submit a Declaration of Compliance to The Pensions Regulator
  • Keep records for 6 years

Penalties

  • Fixed penalty: £400 for non-compliance
  • Escalating daily penalties: £50 to £10,000 per day depending on employer size
  • Prohibited recruitment conduct (offering employment conditional on opting out): criminal offence

National Minimum Wage and National Living Wage

From April 2025:

Age Band | Rate (per hour)
21 and over (National Living Wage) | £12.21
18–20 | £10.00
Under 18 | £7.55
Apprentice rate | £7.55

Compliance Requirements

  • Check all employees are paid at or above the correct rate for their age band
  • Review pay rates when employees have birthdays that move them to a higher band
  • Ensure deductions do not reduce pay below the minimum wage (e.g. uniform costs, tools)
  • Keep pay records for 6 years — HMRC can request these at any time
  • Calculate hourly rate correctly for salaried staff (divide annual salary by total contracted hours)

Common Pitfalls

  • Unpaid overtime: If salaried staff regularly work beyond their contracted hours, their effective hourly rate may drop below the minimum wage
  • Salary sacrifice: Pension salary sacrifice or cycle-to-work schemes can reduce gross pay below NMW — check the net effect
  • Accommodation offset: A maximum of £9.99 per day (2025/26) can be offset against minimum wage for employer-provided accommodation

Statutory Leave Entitlements

Annual Leave

  • Minimum: 5.6 weeks (28 days for full-time, pro-rata for part-time)
  • Bank holidays can be included in the 28 days
  • Carry-over: workers can carry over up to 1.6 weeks (8 days) if the employer agrees
  • Holiday pay must be based on normal remuneration (including regular overtime and commission, following the Harpur Trust v Brazel ruling)

Sick Leave

  • SSP rate (from April 2025): £118.75 per week
  • Payable after 3 waiting days for up to 28 weeks
  • Employee must earn at least £123 per week (Lower Earnings Limit)
  • Employees can self-certify for the first 7 days; a fit note is required from day 8

Maternity Leave

  • Up to 52 weeks (39 weeks paid)
  • SMP: 90% of average weekly earnings for 6 weeks, then £187.18 or 90% (whichever is lower) for 33 weeks
  • Must give 15 weeks' notice before expected week of childbirth
  • Protection from dismissal during pregnancy and maternity leave

Paternity Leave

  • 2 weeks at £187.18 per week or 90% of average weekly earnings (whichever is lower)
  • Must be taken within 56 days of the birth
  • Employee must have 26 weeks' continuous service by the 15th week before the expected week of childbirth

Shared Parental Leave

  • Up to 50 weeks of leave and 37 weeks of pay (shared between parents)
  • Both parents must be eligible
  • Requires 8 weeks' notice for each period of leave

Parental Leave

  • 18 weeks unpaid per child, up to their 18th birthday
  • Maximum 4 weeks per year per child
  • Must have 1 year's continuous service

Health and Safety

Every employer has a duty to ensure the health, safety, and welfare of their employees under the Health and Safety at Work etc. Act 1974.

Key Requirements

  • Risk assessments: Conduct and document risk assessments for all work activities
  • Health and safety policy: Required in writing if you have 5 or more employees
  • Employers' liability insurance: Mandatory — minimum cover of £5 million (most policies offer £10 million)
  • Display the law poster: "Health and safety law: What you need to know" must be displayed or distributed
  • First aid: Provide adequate first aid equipment and trained first aiders
  • Fire safety: Conduct fire risk assessments, maintain fire detection systems, plan emergency evacuation
  • DSE assessments: For employees who use display screen equipment regularly
  • RIDDOR reporting: Report specified workplace injuries, diseases, and dangerous occurrences to the HSE
  • Training: Provide adequate health and safety training for all employees

Employment Rights Bill 2025

The Employment Rights Bill, introduced in October 2024, is the most significant piece of employment legislation in a generation. While most provisions are not expected to take effect until 2026 at the earliest, employers should start preparing now.

Key Proposed Changes

Day-one unfair dismissal protection:

  • Currently, employees need 2 years' service to claim unfair dismissal
  • The Bill proposes making unfair dismissal a day-one right
  • A statutory probationary period (expected to be 9 months) will apply, during which a lighter-touch dismissal process may be used
  • Impact: Employers will need robust onboarding and early performance management processes

Zero-hours contracts reform:

  • Workers on zero-hours or low-hours contracts will have the right to a guaranteed-hours contract reflecting their regular working pattern
  • Based on a 12-week reference period
  • Impact: Review all zero-hours and casual worker arrangements

Fire and rehire restrictions:

  • Dismissal and re-engagement on less favourable terms will be automatically unfair unless the employer can demonstrate financial distress
  • Impact: Review any planned contract variation processes

Flexible working:

  • Already a day-one right (since April 2024)
  • The Bill strengthens the obligation to give reasons for refusal
  • Employers must explain why flexible working is not reasonably practicable

Statutory sick pay:

  • Removal of the 3 waiting days (SSP from day one of sickness)
  • Removal of the Lower Earnings Limit (all workers eligible regardless of earnings)
  • Timeline: Expected 2026/2027

Right to disconnect:

  • A Code of Practice on the right to disconnect is expected
  • Not a blanket ban on out-of-hours contact, but employers will need policies on reasonable contact expectations

What Employers Should Do Now

  • Review and update dismissal procedures to prepare for day-one rights
  • Audit zero-hours and casual worker contracts
  • Review fire and rehire policies
  • Ensure flexible working request processes are robust
  • Prepare for SSP changes (budget for day-one eligibility)
  • Draft a right-to-disconnect policy

Annual Compliance Calendar

Month | Key Action
January | Check NMW rates for April increase; review pension contributions
February | Issue P60s preparation; review annual leave carried over
March | Tax year-end preparation; check Employment Allowance eligibility
April | New NMW/NLW rates apply; new tax bands; SSP/SMP rate changes
May | Complete pension re-enrolment assessment (if due)
June | Mid-year compliance audit; review H&S risk assessments
July | Summer holiday planning; check leave accrual
August | Review and update employee handbook
September | Check right-to-work document expiry dates
October | Budget planning for next year's pay review
November | Review pension scheme performance; Christmas shutdown planning
December | Confirm holiday carry-over policy; check Employers' Liability insurance renewal

How Grove HR Helps You Stay Compliant

Grove HR is built for UK compliance:

  • Right to work tracking: Document upload, expiry alerts, and audit trail
  • Pension auto-enrolment: Automatic assessment and enrolment workflows
  • Leave management: Statutory entitlements calculated automatically, including pro-rata for part-time workers
  • Document storage: Secure storage for contracts, policies, and compliance documents
  • Sickness tracking: SSP qualification checking, fit note management, and return-to-work workflows
  • Reporting: Generate compliance reports for audits and inspections

Summary

UK HR compliance is not optional, and the cost of getting it wrong — financially and reputationally — is significant. The key is to build compliance into your regular processes rather than treating it as a periodic audit.

Use this checklist as a starting point, review it quarterly, and update it as legislation changes. If in doubt about any specific requirement, seek advice from a qualified employment solicitor or ACAS (the Advisory, Conciliation and Arbitration Service), which provides free guidance to employers.

Tags: HR compliance, UK employment law, GDPR, right to work, pension auto-enrolment, minimum wage, Employment Rights Bill
Rachel leads growth and marketing at Grove HR, with over a decade of experience in UK HR technology. She writes practical guides to help small businesses navigate employment law and build better workplaces.

Frequently Asked Questions

What are the main HR compliance requirements for UK employers?

Key requirements include right to work checks before employment starts, GDPR compliance (privacy notices, data security, breach reporting), pension auto-enrolment, paying at least the National Minimum Wage, providing statutory leave entitlements, maintaining health and safety standards, and holding Employers' Liability insurance.

What happens if you fail a right to work check?

Employers who fail to conduct proper right to work checks face civil penalties of up to £60,000 per illegal worker. Repeated breaches can lead to criminal prosecution. To establish a statutory excuse, you must check documents before employment begins, verify they are genuine, and keep copies for the duration of employment plus 2 years.

What is changing in UK employment law in 2025 and 2026?

The Employment Rights Bill proposes day-one unfair dismissal protection, zero-hours contract reform, restrictions on fire and rehire, day-one SSP with no waiting days, removal of the SSP Lower Earnings Limit, and a right to disconnect Code of Practice. Most changes are expected to take effect in 2026 or later.

How long must employers keep employee records in the UK?

Payroll records: 6 years after the tax year. Right to work documents: duration of employment plus 2 years. Sickness records: duration of employment plus 3 years. Training records: 6 years after employment ends. Recruitment records for unsuccessful candidates: 6 months after the decision.
