Protection provider: To implement the whistleblower directive
The Whistleblower directive, which must be implemented in German law on December 17, 2021, brings great challenges, but also opportunities for companies with 50 employees. We give an overview of what to consider now and how you can use the regulatory requirements for your company.
"Whistleblowing" means Wörlic H translates "the trill pipe blow" and means reporting of problems, abuses, risks or dangers observed in a company to superiors/managers, authorities, media and/or the public. The whistleblower is usually an employee or customer of the company and reports from his own experience.
The EU Directive 2019/1937, better known as the "Whistleblower Directive", must be implemented in national law by 17.12.2021. In Germany, there is still no implementation law until a draft speaker. If it stays with it, the Whistleblower directive will be used indirectly in Germany. In any case, the companies addressed by the Directive should begin promptly to adapt to the new legal requirements and make appropriate preparations in their organization.
The aim of the Whistleblower directive is to uncover and prevent violations of certain areas of Union law- in the German draft of the German presentation against all criminal and fine-reinforced regulations- to protect the sensor from negative consequences by always maintaining their anonymity, and thus indirectly improving the legal enforcement. For the company, setting up an easy -to -access and understandably well -known referking system can bring the advantage of initially clarifying critical facts internally and can at best be able to solve them.
Requirements of the Whistleblower Directive
According to the Whistleblower directive, companies based in the EU with more than 50 employees and municipalities with more than 10,000 inhabitants obliged to set up secure channels for information on information for the sensor and corresponding follow-up measures. When implementing national law, the member states are free to free companies with fewer than 50 employees and municipalities with fewer than 10,000 inhabitants from the obligation to establish the reporting channels and to introduce a two -year transition period for companies up to 249 employees.
It is crucial that the whistle provider first informs those responsible (e.g. superiors) in their own company and is protected from retaliation. However, since whistleblowing has often resulted in negative consequences for the whistle, it was often referred by reference providers to report on the superiors of relevant incidents. This is also confirmed by a study by the European Commission from 2017. [1] Afterwards, 81 % of those who observed or experience misconduct in a company to report the incident.
Mounting channel with anonymity
In principle, the Whistleblower guideline provides for a three reporting channels about which employees, customers and other third parties can effectively report references to criminal and fine-reinforced violations (such as the antitrust ban or corruption acts) in companies:
- Internal message,
- Message to the responsible authority (if necessary positions of a criminal complaint),
- Message to the public.
The whistle is not bound to the hierarchy, but can freely choose the channel. To do this, employees have to be informed of how they use the internal report canal, but also under what conditions, how and where they can contact the external reporting channels. In any case, the Whistleblower directive demands that the whistle can also be informed of the message without knowing the persons affected by the report from its identity.
Reaction periods / follow -up measures for clarification
In the implementation of the directive, companies are obliged to confirm the receipt of the message within seven days - if necessary, anonymously. Within three months after confirmation of receipt, the whistle must receive feedback on which measures were taken. It is therefore also in compliance with data protection requirements to develop a corresponding procedure in order to clarify and legally assess the information on possible misconduct.
Sanctions
The Whistleblower guideline stipulates that national legislators determine effective sanctions in order to proceed against the prevention of note reports, against reprisals and lack of confidentiality. In conversation, fines similar to GDPR violations are under discussion. In the case of reprisals, reference providers should be entitled to a claim for damages. If the corresponding internal reporting channels are not available, the whistle -observed violations - protected - can also bring directly to the public.
Individual registration options
The whistle must be able to report the information in writing and/or orally. To design an internal reporting channel, the Whistleblower directive suggests either to set up a telephone, free hotline for the caller, to agree on a personal meeting or to set up an IT-based information system. The size, structure and industry of the respective company must be taken into account in the implementation. However, caution is required for internal and cost-neutral solutions, because they often violate the requirements of the Whistleblower directive or the data protection requirements.
Need for action in companies
Based on our practical experience, we have identified elements that are relevant for SMEs, but also large international companies and can offer real added value in the Compliance Organization. These have also found precipitation in our vein holding system, a modern, cloud-based plug-& play solution.
We would be happy to advise you which measures are required and recommended for your company-also from a cost-benefit point of view. Of course, we also present the possibilities of our own digital fibula system and support you in a legally compliant implementation.
[1] European Commission (2017). Special Eurobarometer 470 - Wave EB88.2 - TNS Opinion & Social.
