GDPR Compliance

1. We have an internal collaboration application in our Organization (that each employee has his/her own Profile, Posts …etc.) that is connected to Active Directory that access some employees personal data. This application is accessing all our internal systems such as Travel System, Suppliers System, Compensation & Benefits, HR systems ..etc.
Based on this case, do you believe that we need to ask our employees to sign a consent for processing their personal data, taking into consideration that the employment contract includes a section for Confidentiality of Information that doesn’t include any sentence related to personal data processing only copyrights and confidentiality of project/company-related information disclosure.

I would not recommend using consent when processing personal data of employees as most likely the consent will not be considered freely given due to the imbalance between the position of the employee and the employer. I suggest using legitimate interest as a lawful ground for processing if appropriate.

2. Our Internal Systems (HR, are using cookies, Do we need to create/add a pop-up message with a link to our Cookies Policy in the pop-up box message?

For the cookies that are not strictly necessary for the functioning of the website, I strongly recommend obtaining consent, especially for tracking and advertising cookies.

3.  As mentioned above, we have Confidentiality of Information section stated in the employment contract, Is this section sufficient or do we need to ask our Employees to Sign NDA (non-disclosure agreement) that include a special section for GDPR Compliance requirements specifically.

Including confidentiality clauses that include a reference to personal data is the same as signing NDAs.