1. We have an internal collaboration application in our Organization (that each employee has his/her own Profile, Posts …etc.) that is connected to Active Directory that access some employees personal data. This application is accessing all our internal systems such as Travel System, Suppliers System, Compensation & Benefits, HR systems ..etc.
Based on this case, do you believe that we need to ask our employees to sign a consent for processing their personal data, taking into consideration that the employment contract includes a section for Confidentiality of Information that doesn’t include any sentence related to personal data processing only copyrights and confidentiality of project/company-related information disclosure.
2. Our Internal Systems (HR, are using cookies, Do we need to create/add a pop-up message with a link to our Cookies Policy in the pop-up box message?
3. As mentioned above, we have Confidentiality of Information section stated in the employment contract, Is this section sufficient or do we need to ask our Employees to Sign NDA (non-disclosure agreement) that include a special section for GDPR Compliance requirements specifically.