Social Media Policy template
A social media policy sets out how {{org.name}} expects people to behave online wherever the business is affected — on personal accounts when work, colleagues, or customers are involved, and on any account run for the business. It draws the line between private life, which is not the employer's business, and online conduct that damages the business or its people, which is.
Most social media incidents at work are not rogue marketing posts. They are a personal profile naming the employer next to something offensive, a customer filmed without consent, or a colleague picked on in a group chat. By the time a screenshot is circulating, the only question left is whether your policy anticipated it.
This template covers personal use, talking about work online, running business accounts, confidentiality and data protection, and how breaches are handled.
Full text, ready to adapt.
Highlighted fields are placeholders — replace them with your organisation's specifics. A starting point, not legal advice.
Social Media Policy
Policy · Company Policies
1. Purpose and scope
This policy covers all social media, video, review, and messaging platforms — including private and group messaging — where {{org.name}}, its staff, customers, or suppliers are identifiable. It applies to all employees and to [contractors/casual staff — adjust], whether posts are made during or outside working hours, on any device.
It does not seek to control lawful private online life that has no connection to work.
2. Policy statement
{{org.name}} is relaxed about staff having an online life and positive about people being proud of where they work. In return we expect the same standards of honesty, respect, and confidentiality online as in the workplace — because to a customer or a colleague reading a post, there is no difference.
3. Personal use of social media
- Your personal accounts are your own. These rules apply where you are identifiable as working for {{org.name}} or where work, colleagues, or customers are involved.
- Never claim or imply you speak for {{org.name}} on a personal account; where your profile names us and you post about our industry, make clear views are your own.
- Never post confidential business information, customer details, or unreleased plans, prices, or figures.
- Never post photos or videos from the workplace that show customers, colleagues, or sensitive areas without permission from [name/role].
- Never abuse, harass, or ridicule colleagues, customers, or suppliers online — including in group chats. It is treated exactly as if it were said in the workplace.
- Personal social media use during working time: [state your rule, e.g. breaks only, and see the IT acceptable use policy for company devices].
4. Talking about work online
Complaints about work belong in the grievance procedure, where they can be fixed — not on a feed, where they cannot. Do not respond to journalists, reviewers, or online criticism of {{org.name}}, even to defend us; refer press or public queries to [name/role].
Be careful with competitor comment: disparaging competitors, their staff, or their products online creates legal and reputational risk and is not permitted.
5. Business accounts
- Only authorised people ([names/roles]) post from {{org.name}} accounts, using credentials held in [password manager/system] — never in personal password stores.
- Posts follow our brand voice guide [location] and never disclose confidential or personal information.
- Complaints or negative comments on our channels are acknowledged politely and moved into the customer complaint handling procedure — no arguments in public threads.
- Posts about [sensitive topics for your business, e.g. pricing, recruitment, incidents] need sign-off from [name/role] before publishing.
- Accounts, pages, handles, and follower lists created for the business belong to {{org.name}}; access is returned and passwords changed when an authorised user leaves.
6. Confidentiality, data protection, and copyright
Personal data — including recognisable photos and videos of customers, staff, or visitors — is only posted with a lawful basis, which in practice usually means clear consent, recorded in [system/location]. Commercially sensitive information is never posted from any account, personal or business.
Respect copyright: only use images, music, and text we own, have licensed, or are clearly free to use.
7. Breaches
Breaches of this policy are handled under the disciplinary policy. Serious breaches — harassment of colleagues, deliberate leaks of confidential or personal data, or posts that seriously damage {{org.name}}'s reputation — may be gross misconduct.
You may be asked to remove content that breaches this policy. If you see a post that concerns you, report it to [name/role] rather than engaging with it publicly.
8. Training, records, and review
This policy is covered at induction and acknowledged in writing; the people running business accounts receive a fuller briefing. The authorised user list and credential store are reviewed every [period] and immediately when someone leaves.
This policy is reviewed [frequency, e.g. annually] and when we adopt a new platform. Owner: [name/role]. Next review due: [date].
How to adapt this template.
List the platforms your business and staff actually use — including review sites and WhatsApp — before editing; policies fail on the channel they forgot.
Name the authorised posters and move business account credentials into a shared password manager today, not at the next leaver.
Set your rule on personal use during working time explicitly; silence gets read as permission.
Align the breach examples with the gross misconduct list in your disciplinary policy so the two documents cannot contradict each other.
Walk your most recent awkward incident (or a plausible one) through the policy and check a manager could act on it without guessing.
Turn this template into trained, proven behaviour
A policy in a drawer proves nothing. In TrainedTeam this template becomes assigned training with knowledge checks, e-signature acknowledgments, version history, and an audit-ready record of who completed what, when.
Social Media Policy template FAQs
Is a social media policy a legal requirement in the UK?
No law requires one. But when a social media dismissal reaches a tribunal, one of the first questions is whether a clear, communicated policy told the employee where the line was. Without one, showing a dismissal was reasonable is much harder — so the policy is best practice with sharp legal edges.
Can we discipline staff for personal posts made outside working hours?
Yes, where the post genuinely connects to work — it identifies the employer, breaches confidentiality, harasses colleagues, or seriously damages the business — and the policy made that clear in advance. Purely private online life with no work connection is not the employer's business, and a fair procedure under the ACAS Code still applies to any action taken.
Who owns a social media account an employee runs for the business?
Whatever the platform terms say, your policy should state that accounts, handles, and follower lists created for the business belong to the business, with credentials held centrally. Disputes almost always trace back to an account set up on a personal email in year one — the policy and the password manager prevent that.
Can we monitor employees' social media?
Monitoring work systems and business accounts is legitimate if it is transparent, proportionate, and explained in your policies; the ICO publishes guidance on monitoring workers. Routinely trawling employees' private accounts is a different matter — it is intrusive, hard to justify, and usually unnecessary if reporting routes work.
Does this policy cover private group chats like WhatsApp?
Yes, where colleagues or work are involved. Harassment or leaking of confidential information in a "private" chat has the same effect on the victim and the business as a public post, and employers can be liable for harassment between colleagues however it is delivered. The policy should say so plainly — this template does.
Related templates
IT & Acceptable Use Policy
Free IT and acceptable use policy template for UK teams: security rules, email and internet use, monitoring, and incident reporting. Ready to edit.
Bring Your Own Device (BYOD)
Free BYOD policy template for UK businesses: security rules for personal phones and laptops, privacy boundaries, remote wipe, and leaver steps.
Disciplinary Policy & Procedure
Free disciplinary policy template for UK employers, built on the ACAS Code: investigation, hearings, warnings, appeals, and record-keeping. Ready to edit.
Code of Conduct
Free employee code of conduct template for UK businesses: behaviour standards, conflicts of interest, gifts, company property, and speak-up routes.