Internal guidelines for employees are one of the fundamental pillars of GDPR compliance. These guidelines inform employees (as data subjects) about what personal data their employer processes and for what purpose, and how employees can exercise their rights with regard to the processing of their personal data.
At the same time, however, the employer sets rules for the processing of personal data of other persons (typically its clients or customers) and requires employees to comply with those rules. This is the only way to ensure that the employer can prove the existence of a comprehensive system to ensure GDPR compliance in the event of an inspection by supervisory authorities.
It is also necessary to train employees on a regular basis to ensure that the rules set out in the guidelines do not remain merely formal protections.