If your organisation has 50 or more employees, you must provide a whistleblowing channel. But this is not enough.

The new directive states that you need to confirm that you have received the report within seven days and provide feedback to the whistleblower within three months. Competent personnel must be put in place to deal with the reports. Further, the directive stipulates security measures for your whistleblowing channel so that the identity of the whistleblower remains confidential. There are also obligations regarding recording of all reports and data protection according to the EU's General Data Protection Regulations (GDPR).

Aside from the functioning of the whistleblower channel, the EU Whistleblower Protection directive requires penalties against those who attempt to hinder reporting, retaliate against whistleblowers, attempt to bring proceedings or who reveal the identity of the whistleblower. Any threats or attempts to retaliate against whistleblowers are also prohibited.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.