AI Generated Acceptable Use Policy for use in the United Kingdom
PDF & Word - 2026 Updated

Docaro Pricing
When do you need an Acceptable Use Policy in the United Kingdom?
British Legal Rules for an Acceptable Use Policy
Using an inappropriate structure for an IT acceptable use policy may fail to adequately protect the organization from data breaches or employee misuse of technology.
What a Proper Acceptable Use Policy Should Include
- Purpose and ScopeClearly state the policy's goal to ensure safe and responsible IT use, and specify who it applies to in your organisation.
- Permitted and Prohibited ActivitiesList allowed uses of IT resources and ban harmful actions like accessing illegal content or sharing company data without permission.
- Data Protection RulesExplain how to handle personal and sensitive information to comply with UK privacy laws and prevent unauthorised access.
- Security ResponsibilitiesOutline steps employees must take, such as using strong passwords and reporting suspicious activity, to protect against cyber threats.
- Email and Internet UsageSet guidelines for professional communication and browsing to avoid distractions and risks like phishing or inappropriate content.
- Software and Device PoliciesDefine rules for installing software, using personal devices, and maintaining equipment to ensure compatibility and security.
- Monitoring and EnforcementDescribe how the company may monitor IT use and the consequences for breaking the rules, including disciplinary actions.
- Reporting IncidentsInstruct staff on how to report IT misuse or security issues promptly to allow quick resolution.
Generate Your Document in 4 Easy Steps
Why Use Docaro?
United KingdomFree Example Acceptable Use Policy Template
Below is a free template example of a Acceptable Use Policy for use in the United Kingdom generated by our AI model.
The clauses in your actual Acceptable Use Policy will vary from this example as they will be entirely bespoke to your requirements as set out in the questionnaire you complete.
Acceptable Use Policy
1EMPLOYEE RIGHTS AND CONSENT
The Company shall obtain explicit consent from employees for any monitoring activities in accordance with the Data Protection Act 2018 and UK GDPR Article 6 and Article 9 where applicable. Such consent must be freely given specific informed and unambiguous.
Employees have the right to access their own personal data processed by the Company under this Policy in accordance with UK GDPR Article 15 and the Data Protection Act 2018. Requests for access shall be responded to within one month without undue delay.
Employees have the right to object to the processing of their personal data for monitoring purposes under UK GDPR Article 21. The Company shall cease such processing unless it can demonstrate compelling legitimate grounds that override the employee\’s interests rights and freedoms.
The Company shall conduct Privacy Impact Assessments (Data Protection Impact Assessments under UK GDPR Article 35) for any high-risk monitoring activities prior to implementation. These assessments shall be documented and reviewed regularly.
The Company shall fulfil its transparency obligations by providing clear information to employees about the nature purposes and extent of monitoring via this Policy privacy notices and other appropriate communications in line with UK GDPR Article 12 and 13 and ICO guidance.
This Policy forms part of the employment contract. Any monitoring or data processing shall be conducted in accordance with the Employment Rights Act 1996 and relevant employment contracts. Employees\’ rights under this section do not affect their contractual rights and remedies.
2INCIDENT RESPONSE AND DATA BREACHES
All Users must report any suspected personal data breach or security incident to the Data Protection Officer or designated incident response lead without undue delay and in any event within 24 hours of becoming aware of the incident.
Upon notification the Company shall take immediate steps to contain the breach including isolating affected systems and preserving evidence. Recovery procedures shall follow the Company\’s Incident Response Plan to restore normal operations securely.
The Company shall notify the Information Commissioner\’s Office (ICO) of any personal data breach without undue delay and where feasible not later than 72 hours after becoming aware of it in accordance with UK GDPR Article 33 and the Data Protection Act 2018. Affected individuals shall be notified where the breach is likely to result in a high risk to their rights and freedoms in line with UK GDPR Article 34.
Following any incident the Company shall conduct a post-incident review to identify root causes evaluate the effectiveness of the response and implement any necessary improvements to prevent recurrence.
This section integrates with and forms part of the Company\’s broader Incident Response Plan which shall be tested annually and updated as required to ensure alignment with this Acceptable Use Policy.
All activities under this section shall comply with the Computer Misuse Act 1990 (as amended) and the Data Protection Act 2018. Unauthorised access modification or interference with computer systems may constitute criminal offences under these laws.
3PROHIBITED USES
Users shall not engage in any Prohibited Activities including any actions that violate UK laws such as downloading copyrighted material without permission sending threatening emails or using company IT systems for gambling.
Users shall not access illegal content using Company Resources.
Users shall not engage in harassment using Company Resources.
Users shall not install unauthorised software on Company Resources.
Users shall not engage in excessive personal use of Company Resources.
Users shall not use Company Resources for any activity that could constitute discrimination harassment or victimisation under the Equality Act 2010 including but not limited to creating or distributing content that discriminates on the basis of age disability gender reassignment marriage and civil partnership pregnancy and maternity race religion or belief sex or sexual orientation.
Users shall not use Company Resources for political campaigning or lobbying activities in violation of Company rules or that may breach the Political Parties Elections and Referendums Act 2000 or other applicable regulations.
Users shall not use Company Resources for crypto-mining cryptocurrency trading or any other resource-intensive personal activities that may impair system performance or increase costs to the Company.
Users shall not bypass security controls attempt to gain unauthorised access to systems or use Virtual Private Networks (VPNs) to access unauthorised content in breach of this Policy or applicable law.
Users shall not engage in any activities that could compromise network and information systems security in violation of the Network and Information Systems Regulations 2018 including the introduction of malware unauthorised scanning of networks or any form of cyber attack.
Users shall not engage in any other activities that contravene UK cyber security best practices Company policies or any other applicable laws and regulations.
4EQUALITY, DIVERSITY AND INCLUSION
The Company is committed to non-discrimination in the allocation and access to IT resources in full compliance with the Equality Act 2010. No User shall be denied access to Company Resources or subjected to less favourable treatment on the basis of a protected characteristic.
All Company systems and digital resources shall meet appropriate accessibility standards including the Web Content Accessibility Guidelines (WCAG) 2.2 at Level AA or equivalent standards to ensure equal access for all Users in line with the Equality Act 2010.
The Company shall provide mandatory training to all Users on the inclusive and equitable use of technology including awareness of accessibility requirements bias in AI tools and the impact of digital communications on diversity and inclusion.
Users shall report any equality-related issues or barriers concerning IT resources via the designated reporting mechanisms outlined in the Reporting Violations section of this Policy or directly to the HR Department. All such reports shall be investigated promptly and confidentially in accordance with the Equality Act 2010 and Company procedures.
5SCOPE AND APPLICABILITY
This Acceptable Use Policy applies to all employees contractors vendors and other third parties who use or have access to Company Resources regardless of their location or place of work.
This Acceptable Use Policy applies to all activities involving Company Resources including but not limited to use at Company premises remote working home working and use of Bring Your Own Device (BYOD) equipment.
This Acceptable Use Policy covers all company-owned or managed IT systems networks data email services internet access mobile devices and any other Company Resources whether accessed from within the United Kingdom or internationally.
Where Company Resources involve the processing or transfer of personal data outside the UK the Company shall ensure appropriate safeguards are in place in compliance with the UK GDPR including adequacy decisions standard contractual clauses or other approved transfer mechanisms.
This Policy applies to all Users wherever located when using Company Resources and Users must ensure their use complies with this Policy and all applicable UK laws.
6GOVERNING LAW
This Acceptable Use Policy shall be governed by and construed in accordance with the laws of England and Wales. The parties agree to submit to the exclusive jurisdiction of the English courts in relation to any dispute arising out of or in connection with this Policy.
7INTELLECTUAL PROPERTY RIGHTS
Users must comply with all software license agreements and terms of use. Only licensed software approved by the Company may be installed or used on Company Resources.
The use of unlicensed pirated or illegally obtained software on Company Resources is strictly prohibited and may constitute a criminal offence under the Copyright Designs and Patents Act 1988.
Where open source software components are used Users must ensure full compliance with the relevant open source license terms including appropriate attribution notices and any modifications being made available under the same license where required.
All requests for new software must be submitted to the IT Department for approval. The Company shall maintain procedures to verify licensing compliance before acquisition or installation.
8SECURITY RESPONSIBILITIES
Users must create strong passwords that include a combination of uppercase letters lowercase letters numbers and special characters and that are at least 12 characters in length.
Users must report any security incidents such as data breaches or suspicious activity within 24 hours.
Users must undergo regular training on recognising and avoiding phishing attempts.
Users must install and maintain up to date anti malware software on all company devices.
All devices handling sensitive information must employ full disk encryption and network level encryption for data in transit.
Users must contact the IT Security Team Lead to report any security incidents.
Users must report all suspected vulnerabilities or weaknesses in Company systems to the IT Security Team immediately upon discovery to align with the Network and Information Systems Regulations 2018 and ISO 27001 principles.
Multi-factor authentication (MFA) must be enabled and used on all User accounts and systems in line with Cyber Essentials requirements and Company security standards.
Users must not connect unauthorised removable media or USB devices to Company systems without prior approval. All such media must be scanned for malware before use.
Hardware that is no longer in use must be securely disposed of in accordance with ISO 27001 and data protection requirements including secure wiping of all data and certification of destruction where appropriate.
Users must follow password management best practices including not sharing passwords with anyone using a password manager where provided changing passwords only when directed by the Company or upon suspected compromise and not reusing passwords across multiple systems.
This example shows approximately 70% of a typical document and is provided for illustrative purposes only. The remaining content has been omitted.
Every document generated by Docaro is tailored to your specific circumstances, jurisdiction and the information you provide. The completed document includes all applicable clauses and provisions required for your situation.
To generate the full, personalised document, answer a short series of questions and your document will be created instantly.
Useful Resources When Considering a Acceptable Use Policy in the United Kingdom
United Kingdom Reference Legislation
Acceptable Use Policy FAQs
Document Generation FAQs
Related Articles




