Whistleblowing systems and the EU Whistleblowing Directive: The 3 Essential Criteria

whistleblowing system

Whistleblowing systems and the EU Whistleblowing Directive: The 3 Essential Criteria

whistleblowing systemA whistleblowing system is an effective tool for detecting and uncovering illegal and fraudulent activities. However, the effectiveness of a whistleblowing system is determined by a few key factors that must be met by the company.

Communication and raising awareness about, guaranteeing confidentiality, and easy access to the reporting system are the main, commonly known factors. In addition to these three factors, several other requirements need to be met to ensure the reporting system can run effectively. 

The EU Whistleblower Directive stipulates various provisions that European Union (EU) member states must comply with to create a minimum level of protection for whistleblowers and encourage individuals to report violations and misconduct. These provisions include:

1. Facilitating reporting in oral and written form

Organizations are required to establish diverse channels for reporting, enabling whistleblowers to submit reports either orally, in writing, or both. Among the most prevalent options are dedicated telephone hotlines and web-based online reporting systems. Other channels include SMS, postal mail, and online chat. 

In addition, these channels must also be easily accessible and user-friendly. For example, incorporating a multilingual reporting feature.

2. Ensuring the security and confidentiality of the identities of the parties involved

Should an organization employ a third-party service to provide a whistleblowing system, it must ensure that the third party has the capacity to support anonymous reporting without hindering the investigation process. 

3. Data processing under the GDPR

The whistleblowing system must ensure that the data security and retention policies are in accordance with the General Data Protection Regulation (GDPR), which governs how the personal data of individuals in the EU may be processed and transferred.

Although the EU Whistleblower Directive targets EU member states, this regulation also impacts companies from countries outside the jurisdiction. For instance, Indonesian or Swiss companies with a presence in the EU can become subject to this regulation if they meet the specified threshold requirements. The requirement is that companies with 50 or more employees must have a whistleblowing system. However, companies in the financial sector and other sectors vulnerable to money laundering or terrorist financing are required to have a whistleblowing system regardless of the number of employees.

Similarly, if a China-based company serves as a primary vendor to an EU-based company, it is likely the company must establish a whistleblowing system that complies with the criteria stipulated in the EU Whistleblower Directive.

The establishment of a compliant reporting system is not an easy feat. The absence of infrastructure for an integrated reporting platform and the lack of experience and expertise can significantly hinder a company’s ability to establish a compliant whistleblowing system.

One surefire solution is to work with a third-party that provides an integrated and compliant reporting platform. One such example is the Canary Whistleblowing System.

Canary WBS enables two-way communication between whistleblowers and operators without the whistleblower needing to provide any personal information (e.g. email or phone number). Whistleblowers can submit reports, receive updates, and converse with operators anonymously, without the need to create an account—using a set password and report identifier number.

Canary WBS, as a provider of a web-based whistleblowing hotline system, uses end-to-end encryption (E2EE) and is SSL-certified for maximum user data protection. Moreover, the data retention policy is GDPR-compliant.

The Canary Whistleblowing System enables companies to comply with the EU Directive with features that accommodate all the elements required in a reporting system. Moreover, by using a reliable third-party service, organizations can save time, money, and resources in implementing a compliant whistleblowing system.


Image by Freepik

Share this post:



Jl. RS. Fatmawati Raya No. 57-B, Cilandak Barat, Jakarta 12430, Indonesia







Get the latest updates and industry insights

    Copyright – INTEGRITY – All Rights Reserved © 2024 – Privacy Notice | Terms of Services | Content Protection by DMCA.com