A privacy standard should be stated as being non-contractual. This will allow an organisation to change and update the policy as the need arises without seeking the agreement of the entire workforce.
Although is not a requirement of the GDPR that employees sign a privacy standard, a signature may be useful as evidence that employees have been properly informed of their data collection and handling practices, including the rights of individuals whose personal data is processed by the organisation. An acknowledgement of receipt clause can therefore be added at the end of the policy.
Neil is an expert on interpreting GDPR and other data protection laws. He has helped many organisations implement systems to comply with their obligations around handling personal data and drafting privacy policies and data retention policies.