Legal requirements for notices
The European Union’s regulatory initiative for the protection of whistleblowers obliges companies and legal entities in the public sector to protect whistleblowers from negative consequences. The EU Directive 2019/1937 (Link Laws) came into force in December 2019 and must be implemented in national law by the member states by December 17, 2021.
Employees are required to provide reporting channels for their employees and external persons in a professional context. From 2023 this will also apply to companies with 50 – 249 employees.
With our whistleblower platform, we offer you an efficient way of meeting the requirements of the EU directive.
The requirements from the whistleblower guideline at a glance:
Who needs to set up a whistleblower system?
Legal entities in the private and public sector with 50 or more employees must set up internal reporting channels.
For companies with 250 or more employees, the implementation must take place by December 2021 and for companies with 50 – 249 employees from December 2023.
Who enjoys whistleblower protection?
Persons in a professional context who are economically dependent are protected. Whistleblower protection includes at least employees, self-employed persons, interns, suppliers and subcontractors as well as shareholders and persons from the management board or supervisory board.
For employees, the protection before taking up or after termination of the employment relationship applies. Third parties who are professionally or privately close to the whistleblower are also protected.
What technical requirements does the whistleblower system have to meet?
- Whistleblowers must be able to submit reports in writing or verbally – at the request of the whistleblower also in the context of a personal meeting.
- The identity of the whistleblower must be protected and, if permitted by national law, it must also be possible to report anonymously.
- Data collection takes place within the framework of Regulation (EU) 2016/679 and Directive (EU) 2016/680.
Which organizational requirements does a company have to meet?
- The person charged with receiving and processing information must be impartial.
- There must be strict deadlines for the confirmation of receipt, for feedback and the result of the investigation.
- Reports must be documented in such a way that they can be used as evidence in proceedings. Particular requirements apply to reports made orally. They require the consent and confirmation of the whistleblower.
- Whistleblowers must be given comprehensive information about the use of the internal reporting channels that is relevant to the process.
What must and what can be reported via the whistleblower system?
In principle, according to the whistleblower directive, only one internal reporting channel needs to be set up for violations of EU law. It can be assumed that the German Whistleblower Protection Act also includes violations of national law.
Regardless of the regulations on whistleblower protection, it should be in the company’s interest to allow reports of violations in all jurisdictions in which the company operates. (Link: 5 good reasons to set up a whistleblower system)
Thematically, however, restrictions can be made. We would be happy to advise you on this.
Advantage:
- simple solution to meet the requirements of the EU Whistleblower Directive
- Availability 24/7
- Secure communication channel for maintaining confidentiality
- Possibility of anonymous reports (if permitted under national law)
- GDPR compliant case recording and processing
- Technical security of the whistleblower platform
Arrange a consultation with us about hinweisgeber@sicoda.de