Selecting a whistleblowing system: What do you need to consider? 

The EU Directive puts requirements on organisations to implement internal reporting channels that are accessible to all employees. As these channels must meet certain criteria, an easier option is to use third party technology. It is important to note that not all systems will meet the requirements of the law or suit the needs of your organisation. So, what do you need to look for when selecting a whistleblowing system? 

Whether you’re just getting started or short-listing your choices, there are likely several items on your checklist to help you choose the right solution for your whistleblowing channel. Before you book a demo, here are 3 important things you need to consider when selecting a whistleblower system. A system compliant with both your whistleblowing policy and the EU Directive!

1. Ease of access and user-friendliness 

2. Data security and confidentiality 

3. Anonymous communication 

1. Is the whistleblower system easy to access and use for both whistleblowers and other users? 

Ensuring that the report channels are easy to access and user friendly are of utmost importance. This will directly affect the number of whistleblowing reports you will receive. If the solution is too complicated to use, it could result in fewer reports being sent in, mishandling of reports, or that the information is not passed on. As a result, misconduct and fraud could go unnoticed.  

An example of this is e-mail. This might sound strange – reporting by e-mail seems like the easiest thing ever? The problem with e-mailing is the lack of anonymity. A potential whistleblower might feel it is necessary to create an anonymous e-mail account before sending the information. Every extra step in the whistleblowing process means you could lose potential reports about wrongdoing.  

You need to look for a whistleblowing solution that: 

• keeps the whistleblower’s identity confidential 
• is easy to use with an intuitive interface 
• is available in all languages needed 
• works on all devices. 

Do everything in your power to facilitate reporting.   

2. Are the whistleblowing channels safe and secure? 

According to requirements in the EU Whistleblowing Directive, reporting channels must be completely confidential. Information, including images, attachments, IP-addresses and metadata cannot be used to identify the whistleblower. 

This requirement makes it difficult to create your own internal solutions within the organisation as someone (most likely IT) will need to access and maintain the database with sensitive information about the whistleblower. Handling personal information is also regulated in the GDPR.  

Therefore, in order to comply with requirements, the easiest solution is to select an anonymous whistleblower system from a third party. Keep in mind that it is still your responsibility to ensure that the supplier’s solution meets all the requirements for data security, according to the Directive. Choose a provider that stores all data on servers within the EU (EES) and ensure that all reporting channels are secure and can offer anonymity for the whistleblower. 

3. Does the whistleblower system offer anonymous two-way communication with the whistleblower? 

We have already concluded that e-mail is not a good solution for whistleblower reports, but what about anonymous web forms? Such solutions lack the possibility of giving feedback to the whistleblower. According to the EU Whistleblowing Directive, a whistleblower should receive confirmation of receipt within 7 days, and feedback on the report within 3 months. Furthermore, we also need a way of asking follow-up questions from the reporting person.  

The solution is to implement an all-in-one whistleblowing system with built-in, anonymous two-way communication. An optimal solution is to create anonymized log in credentials for the whistleblower, so he/she can communicate and receive feedback about the investigation. Choosing a whistleblower system with case management also simplifies the investigation by keeping all information such as the report with attachments, conversations with the whistleblower and documentation of the investigation in one, safe place.  

Selecting the right whistleblower system 

Once you have the answers to all these questions, you should also consider any specific criteria your organisation may have to find the right whistleblower system for you. This could be, for example:  

• A multi-lingual system 
• Around the clock availability of the service 
• Do you need a telephone hotline? 
• Additional functionality such as an intake management-service of whistleblower cases 
• Can you get statistics and reports of whistleblower cases from the system? 

Selecting the right whistleblower system is not only about complying with requirements in the EU Whistleblower Directive and national whistleblowing laws. You will also need a solution that can easily be customized according to your organisation’s specific needs.  

Please also refer to our checklist for whistleblowing solutions!

Are you looking for a safe and secure whistleblowing solution or do you want to learn more about a whistleblowing service and safe internal reporting channels? Please book a free demo!