
Understand whistleblower protection requirements


Written by Franzi Schuetzer

In this article you'll learn how to understand the basics of the EU Whistleblower Directive and the whistleblower protection requirements that apply to your organization. You will gain knowledge about which companies are affected, what the whistleblower policy covers, and what reporting channels are available. This article is relevant for organizations that need to comply with whistleblower protection laws and understand their obligations.

Note: This article is intended solely for informational purposes to help readers understand the basics of the Whistleblower Protection Act and its implications. It is not intended to be, nor should it be construed as, legal advice. The content presented herein is an interpretation of certain aspects of the EU Whistleblower Directive of October 23, 2019 [(EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law]. You should consult your legal counsel for specific interpretations and guidance related to your individual cases.


1. Important information on the Whistleblower policy



2. What is the whistleblower policy?

The Whistleblower Protection Act, commonly known as the EU Whistleblower Directive of October 23, 2019, protects people who learn of breaches involving their professional activity and report them to an internal or external reporting office.


The purpose is to safeguard employees and whistleblowers against coercive work and punishment.



3. Which companies are affected?

Private organizations:

  • 50 employees or more -> duty to establish an internal reporting office

  • 250 employees or more -> immediate implementation after the law is passed


Public Bodies: It applies to all communities, authorities, and government agencies.



4. Several reporting channels

The whistleblower can choose which reporting channel to use:

  • Internal communication channels: Responsibility can be assumed through the system either by staff, such as the legal department, or by external lawyers or ombudspersons

  • External reporting offices at the Federal Ministry of Justice

  • Other reporting offices at the appropriate authorities


Requirements for the Reporting Channel

  • Reporting an incident: A personal exchange may take place instead of written or verbal communication at the whistleblower's request.

  • Anyone who has professional interaction with the company (workers, business partners, employees of business partners) is authorized to participate

  • It is important to provide information on reporting possibilities (for example, via a link on the company's website)

  • Confidentiality and data security are guaranteed


What can be reported?


Whistleblowers have the right to report a wide range of potential concerns. Some of these scenarios may fall into the following categories:

  • Criminal law and certain infractions

  • Money laundering and terrorism financing

  • Consumer safeguards

  • Personal data and data protection

  • Information and network security



5. Response obligations in the case of reports

  • Those responsible for reported cases must email the whistleblower a notification of receipt of the case within seven days

  • The responsible person must then take any additional steps that are required

  • Within three months, the whistleblower must be updated about the reported case

  • All notifications and subsequent procedures must be documented in compliance with the GDPR



6. Good to know

  • Reversal of the burden of proof: In the case of a termination, companies have to prove that the termination is unrelated to any recorded incidents or indications.

  • The works council has the authority to make a decision on termination

  • Need for an internal whistleblower policy

  • How to deal with incorrect reports



7. Sanctions in case of violations

  • Failing to set up an internal reporting channel may result in an administrative fine of up to 20,000 €.

  • If the responsible persons block reporting, punish the whistleblower, or violate the confidentiality of the whistleblower's identity, they may face fines of up to 100,000 € apiece.



8. Tips for implementation

  • Implement internal reporting channels

  • Define the authorized group of people

  • Define processes such as reception, processing, and follow-up

  • Information and communication: Employees receive information about the whistleblower system and a link to the company website is provided.



9. Kenjo's solution

  • 2 features:

  • Channel for those in charge to handle cases

  • Portal for the whistleblower to report a case

  • Our priority is data protection

  • The Whistleblower feature is included in the Growth and Connect Plan.



10. Process overview

  1. The whistleblower creates a case through the Whistleblower Portal. You can find full details on how to do this in this article.


  2. The reported case is investigated by the responsible parties through the whistleblower channel. This article explains how it works in detail.


  3. The whistleblower can access the portal at any time to track the status of the reported case.


  4. If applicable, the reported case will be resolved through the channel by the responsible parties.


