One of the most radical legal changes in the EU is expected to receive its final approval by EU ministers soon. WhistleB looks forward to greater protection of whistleblowers and invites organisations to start their road to compliance through its dedicated resource centre.

"By September 2021 all organisations with 250 or more employees must provide a channel for employees and others to blow the whistle. Organisations with between 50 and 249 employees will have another two years to comply. We are ready to help them select, set up and manage a whistleblower channel that not only complies with the Directive, but also delivers real business benefit and protects long-term success," says Karin Henriksson, Founding Partner WhistleB.

The EU Whistleblower Protection Directive will have to be transposed by the Member States within two years of its adoption, which would set the deadline at September 2021. The Directive stipulates various obligations with which organisations must soon comply and a specific set of system requirements related to security, response times, data protection and more. A summary is provided below.

WhistleB's EU Whistleblower Protection Directive Resource Centre provides rich guidance for compliance based on WhistleB's twenty years of experience in business ethics and organisational whistleblowing.

"We are delighted that whistleblowers in the EU are soon to be granted greater protection. Blowing the whistle is a stressful decision and safeguarding those who dare to do so has always been at the heart of what we do. Our system has the highest possible security, allows for complete whistleblower anonymity from reporting to investigation, and it was one of the first to be fully GDPR compliant," adds Karin Henriksson.

The main requirements of the EU Whistleblower Protection Directive

  1. Confidentiality of the identity of the whistleblower. Channels for receiving reports must be set up to ensure the confidentiality of the whistleblower and prevent access to non-authorised persons.
  2. Response times: The procedures for following up on reports must include an acknowledgment of receipt of the report within seven days.
  3. Impartial receiver(s) of reports must be appointed. The person(s) should have the competence to follow up reports and to communicate with the whistleblower.
  4. Follow-up: Diligent follow-up to the report and a reasonable timeframe to provide feedback to the whistleblower is required.
  5. Communication: There should be information regarding the conditions and procedures for reporting externally, for example to competent authorities.
  6. GDPR compliance: Any processing of personal data carried out pursuant to the Directive must comply with the GDPR.
  7. Record keeping: Organisations must keep records of every report received, in compliance with the confidentiality requirements. Reports shall be stored for no longer than it is necessary

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.