Pursuant to article 30 of the General Data Protection Regulation, a record must be maintained of the processing of personal data in the organisation’s whistleblower system. We understand the importance of compliance with data protection regulations, which is why our experts help you ensure that you meet all legal requirements. Here is an example of how a record can be designed.
A company is required to keep written documentation of the establishment and procedures of the whistleblowing scheme in place. As a minimum, the company must draw up a whistleblower policy and a written procedure for dealing with whistleblower reports. Here you will find help to prepare a whistleblower policy and an example of one.
While implementing the technical aspect of the system can be relatively straightforward, there are other aspects of optimising the benefits of the scheme that need to be addressed and are more difficult. It is therefore essential that there is appropriate communication with internal and external stakeholders during its implementation.
In April 2019, the European Parliament adopted the Whistleblower Directive, which obliges individual countries to implement the directive. Each country’s laws in this area are thus based on EU rules, and are fundamentally the same in all EU countries. Here, you can find more information on the legal basis.
When you implement the whistleblowing system, you should also update your Employee Manual as it is important that all employees are aware of the changes made. We have attached inspiration on how to word the manual before updating and sharing your current one.
It is important that employees are informed that you have introduced a whistleblower reporting system in your company. However, it is equally important that employees feel safe using it. Therefore, they should be informed about its purpose, the anonymity of the whistleblower, how independent processing of reports are ensured and other important matters.
.jpg){kind=small}
