How do Austrians blow the whistle?

While someone is looking for easier ways, Austria demonstrates a significant persistence in complicating everything (for years). History is to blame: at first, it's about the cultural context of the country.  People still remember how it is to be an informant and which retaliation is waiting for you during the period of fascism. Austrian law complements it with a history of legislative measures which either miss something or contradict. As a result, Austria currently joins the list of countries which cover whistleblowing protection laws partially. 

So, how it started?

It started classically: Austria was a subject of great scandals regarding the corruption in politics which became public. The example of the European approach to such cases and external pressure made their thing but in a specific way.

Starting from 2012, whistleblowers have received a first legal shield of protection from discrimination.

However, in most cases, it was the matter of whistleblower to protect himself by learning the procedure of reporting about any kind of misdeed. The process has started, but there is no finish on the horizon. The public sector was covered, but the demand from the private sector for the same measures of protection is left unanswered. 

Losing data is scary

It's hard to figure out what precisely Austrian law wants you to do as a business owner in a mess of GDPR, internal data protection laws and whistleblowing initiatives. The challenge is to make it simple, legal and without a headache in the end. The rule to follow is simple: if you keep the information, authorize it.

The system is complicated because of the subject for processing — personal (which here a synonym of sensitive) data. All the data from whistleblowers, which is processed by the company, should comply with standards of the Data Protection Authority, Austrian legal committee.

There is no standard registered application for processing requests from whistleblowers; therefore, you should ask for permission to implement the system and check if it meets the requirements.

You should clearly state who is keeping the data, for which purposes, how you make sure that data is secure. It's all about the details which matter: Data Protection Authority demands clear procedure of investigation for both informant and the person accused of misconduct. Subjects should be informed about data collected on them and the results of the inquiry; also, the data should be deleted when you finish the investigation.

All the things to keep in mind

If you decided to have a whistleblower hotline, it might be necessary to know:

  • corporate hotlines are not limited to financial issues, and you can adjust the system according to your needs.
  • Check it twice; data privacy should be thoroughly analyzed (follow DPIA).
  • If the accusation is regarding the criminal offence, it should be processed externally. In another case, you should ask for permission to process it.
  • It can take a lot of time to implement your own system: consultancy, approval by the Data Protection Authority, amending the system is not a matter of a week.
  • To transfer the data outside the EU, you will need permission to ensure that the parent company has the same law for data protection.

Chance for improvement

Considering all the hurdles on the way to an ethical work environment, Austria is far from perfect in this field. People prefer to stay anonymous due to existing recommendations to discuss the conflict with the employer before blowing the whistle to external committees. If your company is private without a whistleblower hotline (only public sector is generally protected), you are trapped in a loop between the fear of retaliation and willingness to help the community.

An internal whistleblower hotline isn't easy to organize; the process relies more on moral values and worldwide standards of work ethics than obligations from the country's law. Employees take a risk to be called "snitches" and lose; employers can lose money and influence. But the most important thing on the stake is reputation, which should be protected by law: only in this case, Austria can have a comprehensive system for whistleblowers.

Watch demo or presentation

Ethicontrol OÜ
Tornimäe 5, 2nd Floor, 10145 Tallinn
+1 (302) 451 94 55
+372 668 2755
+7 (499) 348 90 95
+38 (044) 393 58 34

info@ethicontrol.com