THE EU WHISTLEBLOWING DIRECTIVE

How to get compliant with whistleblowing laws


The EU Whistleblowing Directive (2019/1937) was introduced to protect individuals who report work-related misconduct. This regulation requires organisations to establish secure, confidential reporting systems that safeguard whistleblowers from retaliation.

DIRECTIVE REQUIREMENTS

How the EU Whistleblowing Directive impacts organisations

Organisations with 50 or more employees and municipalities with over 10,000 inhabitants are required to implement secure and effective reporting channels. These systems must be designed to ensure the safety and confidentiality of whistleblowers while meeting legal obligations.

To comply with the directive, reporting channels must:

  • Be secure
  • Guarantee confidentiality
  • Have a designated owner
  • Adhere to timeframes
  • Meet GDPR guidelines
  • Allow for written and/or verbal reports

IMPORTANT DETAILS

Key aspects of the EU Whistleblowing Directive

Who can report misconduct?

Any individual who becomes aware of work-related misconduct can submit a report. Protection extends beyond current employees to include former employees, job applicants, contractors and suppliers, and supporters of the whistleblower.

What types of misconduct can be reported?

Whistleblowing reports can cover violations of EU law related to various issues, including but not limited to:

  • Money laundering and tax fraud

  • Product and transport safety

  • Data protection and privacy violations

  • Public health concerns

  • Animal welfare violations

  • Environmental protection breaches

Whistleblower protection against retaliation

Whistleblowers are legally protected from any form of retaliation when submitting a report through the designated reporting channel. To qualify for protection, the whistleblower must have a reasonable belief that the information they are providing is true at the time of reporting.

INTERNAL REPORTING CHANNELS

Penalties for non-compliance

While the EU Whistleblowing Directive does not establish specific minimum penalties, it requires member states to implement national laws that impose sanctions on organisations that:

  • Obstruct or prevent whistleblowing by discouraging or blocking reports.
  • Breach confidentiality by disclosing a whistleblower’s identity without consent.
  • Retaliate against whistleblowers through actions such as dismissal, harassment, or discrimination.

Failure to comply with national whistleblower protection laws can result in significant financial penalties, legal action, and reputational damage for organisations. Ensuring proper internal reporting channels and protective measures is essential for compliance and maintaining trust within your organisation.

HOW TO COMPLY

6 essential steps to meet whistleblowing requirements

Follow these steps to ensure your organisation complies with the EU Whistleblowing Directive.

Respond in a timely manner

Implement a procedure to acknowledge receipt of the report within seven days, and provide feedback to the whistleblower within three months.

Align whistleblowing procedures with GDPR

Continue to comply with GDPR requirements by carefully managing personal data, and ensuring that data is stored securely within the EU.

Implement secure reporting channels

Establish reporting channels that guarantee confidentiality and protect the identity of whistleblowers and any individuals named in reports. Secure your system against unauthorised access and maintain safe records.

Provide multiple reporting options

Provide flexible reporting options. Accept written reports via an online platform, verbal reports through phone or voice messages, and offer personal meetings upon request.

Designate a responsible owner

Appoint a qualified person or department to handle incoming reports. Their responsibilities should include managing the reporting process, maintaining ongoing communication with the whistleblower, and providing timely feedback.

Make reporting channels accessible

Ensure your reporting channels are easily accessible to all employees and extend access to external stakeholders such as suppliers, contractors, shareholders, trainees, and job applicants.

Is your whistleblowing solution compliant?

When selecting a system, ensure it meets all legal requirements and complies with GDPR. It’s essential that your chosen solution includes the necessary functions to keep you compliant and protect whistleblower confidentiality.

We’ve compiled a checklist of key features to help you choose a provider that meets both whistleblower law and GDPR standards – use it as a guide during your procurement process.


EU Whistleblowing Directive & Compliance

Frequently asked questions

What is whistleblowing?

Whistleblowing occurs when someone reports illegal, unethical, or harmful activities within a public, private, or government organisation. Common issues reported include fraud, corruption, misconduct, harassment, discrimination, and violations related to health, safety, or environmental regulations.

The EU Whistleblowing Directive protects whistleblowers from retaliation, such as dismissal, harassment, or discrimination, when they report breaches of EU law.

Protected violations include:

  • Financial services, money laundering, and terrorist financing
  • Public procurement and public health
  • Product, food, and transport safety
  • Environmental protection and radiation safety
  • Animal health and welfare
  • Consumer rights and data protection
  • Network and information systems security

To qualify for protection, whistleblowers must use designated reporting channels and believe their information is accurate at the time of reporting.

Employers must establish secure and effective internal reporting channels that allow employees and other stakeholders to report misconduct confidentially.

These channels must:

  • Be easily accessible
  • Have clear ownership and management
  • Guarantee confidentiality
  • Meet GDPR compliance
  • Allow for written and/or verbal reports

The EU Whistleblowing Directive was introduced to combat corruption and ensure better protection for individuals who report misconduct or breaches of EU law. It aims to encourage transparency and accountability within organisations.

To comply, organisations must implement secure, confidential reporting channels that meet the directive’s requirements. These systems must:

  • Guarantee confidentiality of the whistleblower
  • Be easily accessible to employees and stakeholders
  • Meet GDPR guidelines for data protection
  • Ensure reports can be submitted both in writing and verbally

The directive applies to:

  • Public and private organisations in the EU with 50 or more employees
  • Municipalities with more than 10,000 inhabitants
  • Certain private organisations in high-risk sectors (e.g., financial services or those vulnerable to money laundering and terrorist financing)

While the directive does not set specific penalties, it requires member states to implement laws that penalise organisations for:

  • Preventing reports from being made
  • Breaching confidentiality of the whistleblower’s identity
  • Retaliating against whistleblowers

National penalties may include fines, legal action, and reputational damage for non-compliance.

No. The directive also applies to municipalities in the EU with over 10,000 inhabitants, in addition to all public and private organisations with more than 50 employees.


HAPPY TO MEET YOU!

Get in touch

Our team is ready to answer your questions.
Fill out the form below and we'll be in touch as soon as possible.

Talk with Territory Manager
Annelie Demred

annelie.demred@whistlelink.com
