Information to be provided to the data subject
GDPR has the objective of protecting the rights and freedoms of data subjects with regard to the processing of their personal data. The principle of 'transparency' requires data subjects be told their personal data is being processed, who by and what for. They must be told their rights, and data controllers must do this in a clear, easily understood format, when the data is collected. If you get the personal data from another person, the data subject must be told the same information as soon as possible, at least within one month, or at the time of first contact if the data is used for direct marketing.
You should adjust your processes and procedures to ensure you tell data subjects all this information when you collect their data.
If you collect data from someone else, such as a colleague, you must tell the data subject where you got the data from, and all the listed items as soon as possible, and within one month. If the data is to be used for direct marketing, this information can be given in the first communcation.
You do not need to tell the data subject all this information if they already have it.
As with all of GDPR, to avoid potential fines, you must be able to prove you have provided this information, or you did not need to do so. This may mean you need to make additional changes to keep call recordings, scan documents, or keep originals.