New requirements for companies and authorities imposed by the European Whistle Blowing Directive
The EU aims to protect future whistleblowers through the newly introduced Whistle Blowing Directive (Directive 2019/1937) in order to effectively tackle corruption, fraud, misconduct and negligence.
Member states had until December 17, 2021 to incorporate the directive into national law.
Covered by the directive are, of course, public areas such as public procurement, transport safety and environmental protection, but also private sector areas such as product safety. The protection of privacy and the security of personal data are also within the direct scope of the directive.
Under the Directive, companies are required to establish internal reporting channels and member states are encouraged to establish so-called "external reporting channels" with public authorities.
The directive stipulates that whistleblowers must first submit a report through internal reporting channels. If such internal reporting channels are not available, whistleblowers can contact the external reporting channels provided for this purpose directly. Whistleblowers are thus fully protected by the provisions of the Directive in the absence of an internal reporting channel. Under certain conditions, this would also be the case if the whistleblower - in the absence of an internal reporting channel - turns directly to the public (and thus produces serious damage to the image).
Attempts to prevent whistleblowers from using the internal or external reporting channels or to "punish" them in any way are additionally punished by the member states through appropriate sanctions.
Thus, current and former employees, contractors, trainees, job applicants and other business partners are extensively protected as whistleblowers. This protection includes the aforementioned protection against reprisals of any kind, i.e. including suspension, dismissal, transfer or any other form of worse treatment - insofar as this is connected with the report. Any obligation to maintain confidentiality is invalidated by the provisions of the Directive, and contractual penalties and further liability are generally excluded. In addition, whistleblowers benefit from a reversal of the burden of proof, so that a mere prima facie case is sufficient for protection under the Directive.
Since whistleblowers are so strongly protected, it is advisable for every company to set up a corresponding reporting channel. Such a reporting channel is mandatory for companies in certain sectors (such as financial services), the public sector and private companies with at least 50 employees.
To summarize, the establishment of an appropriate whistleblower system is therefore urgently recommended for all companies and authorities.
Glasskube installs, runs, and updates open source software automatically in your cloud without IT effort.