Whistleblower policy - Protection of whistleblowers

Modified on Tue, 8 Aug, 2023 at 5:26 PM

This article provides basic information on the Whistleblower policy, which is now available on Kenjo.


Table of Content


Disclaimer: This article is intended solely for informational purposes to help readers understand the basics of the Whistleblower Protection Act and its implications. It is not intended to be, nor should it be construed as, legal advice.
The content presented herein is an interpretation of certain aspects of the EU Whistleblower Directive of October 23, 2019 [(EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law].

You should consult your legal counsel for specific interpretations and guidance related to your individual cases.



Important information on the Whistleblower policy


What is the whistleblower policy?


The Whistleblower Protection Act, commonly known as the EU Whistleblower Directive of October 23, 2019, protects people who learn of breaches involving their professional activity and report them to an internal or external reporting office.


The purpose is to safeguard employees and whistleblowers against coercive work and punishment.



Which companies are affected?


Private organizations:

  • 50 employees or more -> duty to establish an internal reporting office 
  • 250 employees or more -> immediate implementation after the law is passed


Public Bodies: It applies to all communities, authorities, and government agencies.



Several reporting channels


The whistleblower, on the other hand, has the choice of selecting which reporting channel to use between:

  • Internal communication channels: Responsibility can be assumed through the system by either staff, such as the legal department, or by external lawyers or ombudspersons
  • The Federal Ministry of Justice has external reporting offices
  • Other reporting offices at the appropriate authorities



Requirements for the Reporting Channel

  • Reporting an incident: A personal exchange may take place instead of written or verbal communication at the whistleblower's request.
  • Anyone who has professional interaction with the company (workers, business partners, employees of business partners) is authorized to participate
  • It is important to provide information on reporting possibilities (for example, via a link on the company's website)
  • Confidentiality and data security are guaranteed


What can be reported?


Whistleblowers have the right to report a wide range of potential concerns. Some of these scenarios may fall into the following categories:

  • Criminal law and certain infractions
  • Money laundering and terrorism financing
  • Consumer safeguards
  • Personal data and data protection
  • Information and network security


Response obligations in the case of reports

  • Those responsible for reported cases must email the whistleblower a notification of receipt of the case within seven days
  • The responsible person must then take any additional steps that are required
  • Within three months, the whistleblower must be updated about the reported case
  • All notifications and subsequent procedures must be documented in compliance with the GDPR


Good to know

  • Reversal of the duty of proof: In the case of a termination, companies have to prove that the termination is unrelated to any recorded incidents or indications.
  • The works council has the authority to make a decision on termination
  • Need of an internal whistleblower policy
  • How to deal with incorrect reports


Sanctions in case of violations

  • Missing the setup of an internal reporting channel may result in an administrative fine of up to 20,000 €.
  • If the responsible persons block reporting, commit punishment, or violate the confidentiality of the whistleblower's identity, they may face fines of up to 100,000 € apiece.


Tips for implementation

  • Implement internal report channels
  • Define the authorized group of people
  • Define processes such as reception, processing, and follow-up
  • Information and communication: Employees receive information about the whistleblower system and a link to the company website is provided.

Kenjo's solution

  • 2 features:
    • Portal for the whistleblower to report a case
    • Channel for those in charge to handle cases
  • Our priority is the data protection
  • The Whistleblower feature is included in the Growth and Connect Plan.

Process overview


  1. The whistleblower creates a case through the Whistleblower Portal. You can find full details on how to do this in this article.


  2. The reported case is investigated by the responsible parties through the whistleblower channel. This article explains how it works in detail.


  3. The whistleblower can access the portal at any time to track the status of the reported case.


  4. If such is also the situation, the reported case will be resolved through the channel by the responsible parties.






Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article