Does an employee privacy notice need to be signed by the employee to say they have read and understood? Seems like it is a pointless exercise because it would not stand up legally, etc.
They don’t sign the notice as they are not agreeing to it, just reading it. But it is good practice to document attestation, i.e. they have read it and understood it. It gives you a defensible position if ever needed.
From a data protection perspective, you do not need to have it signed as a notice does not need to be accepted. But it can help you to formalise the process to ensure that employees have actually had the chance to read and understand the policy. Rather than using it as a sign here and there exercise, use it as an opportunity to explain the notice to the employee and allow them to ask questions. It also allows you to discuss your other data protection policies with a new starter directly at the beginning of the employment.
Take the opportunity!
I agree with HellenB that getting confirmation staff have received the documentation is not the same as helping the employees/staff member understand what Data Protection means for them and the organisation they work for. Good knowledge transfer transforms organisation culture and this is especially true in the realms of GDPR and Cyber-Security.
In my experience we don’t get a signature that they have read it, however we do get an affirmation that they have received the documentation.
It’s a bit like browse-wrap and click-wrap agreements in that we have assurance that we have made best efforts to ensure that the details have been delivered.
However, getting a confirmation that a document has been delivered isn’t the same as educating your employees about what it contains. An employee privacy notice is all about how an organisation looks after their data, so there shouldn’t exactly be anything controversial in it.
The motivation for asking the question is, I suspect, regarding accountability for bad actions by staff wrt the data the organisation holds. This should be dealt with via policies, procedures and effective training.
No need to sign. I would recommend automating the capture of the fact the employee has read and understood.