EU Whistleblowing Directive
Considering the personal scope of the Whistleblower Directive
The Whistleblower Directive will provide protection to any person reporting a breach in a work-related context. Importantly, this protection is not limited to employees or civil servants, but extends to freelance workers, volunteers, self-employed service providers, trainees or shareholders, among others.
Obligations for compliance
For companies in the private sector with 50 or more employees, there is a necessity to provide an effective internal reporting channel. As outlined by our speakers, there are three categories of reporting: internal, external, or public disclosure. To provide safeguards against false reports, the Whistleblower Directive states that internal reporting must be the first step in reporting a breach and only when no action is taken can a report or claim be made public. Therefore, companies need to have a fully functional service in place. In practical terms, this can be designated to a set department or provided externally by a third party.
Setting up a whistleblower system
Our speakers highlight the importance of communication and an 'open door' policy to facilitate reporting potential breaches. One way this can be achieved is by providing a choice of systems to report a breach. For example, an online system should be supported by a reporting hotline. Not only can this provide all the information a whistleblower may need, but also allows for multi-national organisations to implement an accessible system in numerous languages and across time zones.
Anonymity of whistleblowers
The Whistleblower Directive does not encourage anonymous reporting, however does include requirements to protect the identity of the whistleblower. As a key point of interest, our speakers highlight that a data subject's right to access information cannot be used to reveal the identity of the whistleblower. It is worth noting that whistleblowing schemes will always carry risk of retaliation or victimisation for all involved parties. Therefore, organisations need to ensure there is a high level of trust in a whistleblowing system. This can be done by ensuring reports are always addressed, and taken seriously.
How OneTrust DataGuidance helps
OneTrust DataGuidance™ is the industry's most in-depth and up-to-date source of privacy and security research, powered by a contributor network of over 500 lawyers, 40 in-house legal researchers, and 14 full time in-house translators. OneTrust DataGuidance™ offers solutions for your research, planning, benchmarking, and training.
OneTrust DataGuidance features a Whistleblowing Comparison Chart dedicated to covering key legislation and requirements across numerous jurisdictions. OneTrust DataGuidance supports this resource with detailed Insight articles and Daily Update News Stories to provide clients with up to date information and expert guidance in achieving global compliance.
OneTrust DataGuidance solutions are integrated directly into OneTrust products, enabling organisations to leverage OneTrust to drive compliance with hundreds of global privacy and security laws and frameworks. This approach provides the only solution that gives privacy departments the tools they need to efficiently monitor and manage the complex and changing world of privacy management.