All the terms relating to our GDPR compliance are contained within our current privacy policy. Some companies have filed an addendum to their existing privacy statements, i.e. where they are operating in different jurisdictions and wish to append specific data processing terms affecting their customers based in Europe. We have instead completely rewritten our privacy policy from scratch to adhere to GDPR.
There is no requirement (to my knowledge) for a privacy statement to be signed, as long as the customer provides consent in a clear affirmative act.