You must tell your employees:
the identity of the data controller (employer) and any data protection officer
the purpose and the legal basis of processing
the source and category of the data if it hasn’t come from the employee
who will receive the data (department or role)
how long you intend to keep the data, e.g. for three years after their employment ends
their rights under the regulation (see the section on rights below)
if the data is to be transferred out of the EU, the legal basis for it and safeguards in place
whether you use any automated decision making or profiling