What is the agenda? The EU Whistleblowing Directive of 2019 aims to protect whistleblowers in different life spheres in the public and private sectors. Starting from 2022 whistleblowers in EU member states should be able to safely blow the whistle, get legal advice, and be protected from retaliation.
When is the deadline for implementation? The deadline is December 2021 — it might be extended due to the global pandemic.
Does my business need to comply with the Directive? Small and micro enterprises (except for financial sphere) are exempted from the implementation of Whistleblowing Directive. If your company is smaller than 50 employees, you are still encouraged to follow good compliance practices but not obliged by the law.
This guide is for you if you have more than 50 employees and work in the EU or with European partners.
1. Compliance strategy. The first thing to do for the company is to revise the existing compliance policy or add a compliance officer to existing personnel. Those who work with whistleblowers need to be trained and have experience in the compliance field. The company has to assign a responsible person for processing whistleblower complaints - in bigger companies it can be the whole unit. The company has to decide on investigation solutions and timelines, budget and think about legal advise in case of possible court proceeding.
2. Information center for whistleblowers. The Directive says that it's the obligation of member states to inform whistleblowers on their rights and existing reporting channels. Still, each company must notify its employees of internal procedures. DOJ recommendations for 2020 include the importance of the information center for compliance procedures. The instructions should be clear and accessible - this way, employees will use the reporting channels. Training can also be provided yearly or upon the onboarding process.
3. Internal policy revision and trade secret. The information center for whistleblowing is a must, but a detailed internal policy is also important. Employees must be aware of their rights and obligations: when it comes to the latter, it is worth warning whistleblowers of top-secret information. The EU Whistleblowing Directive would be on the side of whistleblowers in most cases, even if the data from the report wasn't obtained as a result of work responsibilities.
Whistleblowers will be exempted from liability if the issue they report on is a matter of public concern. Damage for brand reputation, however, will be an issue. That's why internal mechanisms of control are essential for both whistleblowers' protection and corporate security. Only authorized persons have access to confidential information: whistleblowers can't easily leak classified data and the system is less vulnerable to fraud.
4. Reporting channels - outsource or custom solution. Each company with more than 50 employees has to communicate with its employees through established reporting channels. Good news is that the company can choose which reporting channels it will have (hotlines, physical complaint boxes, reporting in person and online platforms) - this significantly reduces the costs of system maintenance. The law explicitly allows passing the whistleblowing system's duty operating to the third party such as Ethicontrol.
5. Data protection. GDPR is not new for the world of business; nevertheless, data protection conditions under the EU WB Directive can be different. The reporting person, concerned person and third parties involved in the investigation should be equally protected.
That means that data processing should be assigned only to authorized persons, data transfers to different company branches should comply with EU data protection standards. Companies should pay attention to data servers location. Additionally, companies should ensure that the record-keeping is adequate, and a whistleblower's complaint can be the evidence during the investigation.
That's a lot to process for a short period left, but the process promises to be rewarding. The Directive is intended to protect the internal European market and shed light on corrupt practices, but that's the least of it. Corporate ethics can be elevated significantly when the employees have trust in the system and are protected from any discrimination - now, businesses are forced to try it out.