
How to Implement Whistleblower Protections in Your Organization

In an era where transparency and corporate responsibility are paramount, regulators are working to establish frameworks for the protection of individuals in the workplace.

The Whistleblower Directive is a critical tool for establishing robust protections for employees and other stakeholders who step forward to report wrongdoing. As a business, this should matter to you for two reasons: complying with legal requirements and maintaining a safe environment with integrity.

The Whistleblower Directive: At a Glance

What is the EU Whistleblower Directive?

The Directive (EU) 2019/1937 on the protection of individuals who report breaches (wrongdoing or misconduct) of Union law, also known as the “Whistleblower Directive”, was adopted on October 23, 2019, and entered into force on December 16, 2019.

It sets minimum standards for the protection of whistleblowers across the European Union and requires all EU Member States to implement measures within their national legal frameworks.

Who can be defined as a “whistleblower”?

Whistleblowers are reporting persons working in the private or public sector who acquired information on breaches (wrongdoing, misconduct or violation of EU law) in a work-related context. They can be, among others:

  • Employees;
  • Contractors or subcontractors;
  • Suppliers;
  • Volunteers;
  • Paid/unpaid trainees;
  • Job applicants.

What type of violation can be reported?

Whistleblowers can report a wide range of issues in several areas, such as:

👉 Protection of privacy and personal data
👉 Consumer protection
👉 Violations of company policies and procedures
👉 Financial misconduct
👉 Money laundering and terrorist financing
👉 Fraud
👉 Network and information system security
👉 Harassment or discrimination
👉 Safety concerns (product, food, transportation)
👉 Public health or animal health and welfare concerns
👉 Environmental issues

Who has to comply with the Whistleblower Directive?

The following organizations must comply:

  • Public and private entities with 50 or more employees;
  • All state and regional administrations, and municipal administrations with over 10,000 inhabitants.

💡 Even if your company is based outside the EU, if you have a presence (i.e. branch) in a Member State of the EU and employ at least 50 employees, you are also subject to the Directive and relevant national legislation.

How to Implement Robust Whistleblower Protection Measures

There are a number of protection measures you need to take in order to comply with the Whistleblower Directive and make sure the rights of individuals in this regard are honored. We have listed 4 below.

💡 Some legal penalties are imposed on companies that are not compliant with the directive. On top of that, there is a potential risk for your reputation and customer trust, which in turn can strongly impact your business. Keep reading to see what you can do!

📌 Establish an Internal Reporting Channel

In short, you need a way for employees and other stakeholders to report wrongdoing directly, in a confidential and secure way. You can do that by putting in place a process such as an internal reporting channel. This channel must:

  • Ensure confidentiality of the reporting person’s identity (and that of any third party mentioned in the report);
  • Prevent access from non-authorized staff;
  • Acknowledge receipt within 7 days;
  • Provide feedback in a timely manner, within 3 months;
  • Designate an impartial person/department to handle reports;
  • Allow different means of reporting (writing, orally, in person);
  • Keep records for no longer than necessary to comply with legal requirements.

📌 Provide Training for Reporting Persons

Another measure you should implement is to properly inform any potential reporting individual, such as employees, of their rights and protections deriving from the directive.

You should also provide the necessary training on how your reporting process works.

📌 Keep Whistleblowers’ Information Confidential

Anonymity is key when handling whistleblowers’ reports. This is tightly linked to the next measure on preventing retaliation.

In a nutshell, the identity of whistleblowers cannot be disclosed without their explicit agreement. This means that you should keep their data confidential. As always, compliance with data protection laws like the GDPR is crucial.

📌 Prevent Retaliation

This step requires you to implement robust legal measures to shield whistleblowers from backlash.

Companies must show that they are proactive on this matter, by putting an anti-retaliation policy in place, conducting internal investigations and supporting whistleblowers who do face retaliation.

Easily Manage Whistleblower Reports with iubenda

Leverage technology to implement whistleblowing systems in no time!

🚀 iubenda’s Whistleblowing Management Tool helps companies set up a reporting channel to comply with the Whistleblower Directive in no time and with low effort! It consists of a form and dashboard to simplify the process of submitting and managing whistleblowers’ reports through a dedicated channel.

With iubenda’s secure platform for internal reporting, bypass the limitations tied to other traditional reporting channels like phone or email, and easily meet the technical requirements mentioned above:

⭐ Quick form setup
⭐ Guaranteed anonymity and confidentiality for whistleblowers
⭐ All-in-one dashboard to centralize reports and processes
⭐ Guided, standardized process for reporting
⭐ Instant acknowledgement mechanism upon receipt

Provide Whistleblowers with a Secure Reporting Channel and comply with the EU’s Whistleblower Directive!
