On 16 April 2019, the Parliament of the EU adopted the Directive for the protection of persons reporting on breaches of Union law. The Member States will have two years to implement the Directive into national law.
The Directive aims to establish secure channels for reports on grievances both within an organisation and to public authorities.
Which companies are affected?
All companies with 50 or more employees will be required to establish efficient and effective reporting channels and whistleblowing procedures. Companies operating in the financial services sector or susceptible to money laundering or terrorist financing must comply with the Directive irrespective of the number of their employees.
Groups of persons protected
Protection will be granted to persons who have acquired information about breaches in their working environment. They include, among others, present and former employees, members of the management and the supervisory board as well as shareholders, paid or unpaid trainees and staff members of suppliers and temporary agency workers.
The Directive also protects intermediaries who assist the whistleblower in his or her working environment in submitting the information, as well as third parties who suffer work-related retaliation due to their relationship with the whistleblower. This may include colleagues, but also family members.
Requirement for amendments to existing processes for accepting and processing reports
Many whistleblowing systems only allow for reports for certain breaches. In the future, whistleblowing systems must also allow for reports on any unlawful activities in relation to acts which are listed in the Annexes to the Directive. They include, for example, unlawful acts regarding the safety of food and feed as well as of products, transports, data and consumer protection. Failure to accept a report on breaches of any of the acts listed constitutes a breach of this Directive.
The Directive also includes specific requirements regarding persons eligible to accept reports, follow-up on the reports, and communicate with the whistleblower.
The identity of the whistleblower must be treated confidentially and may only be disclosed if the whistleblower gives his or her consent to the disclosure of his or her identity or if the disclosure is necessary in the context of official investigations or court proceedings, where the interests of the whistleblower must be taken into reasonable consideration.
Personal data may only be retained as long as necessary and appropriate.
Legal consequences for non-implementation of the Directive
The legal consequences for companies not implementing the Directive are to be defined by the national legislatures, and have therefore not yet been determined. The Directive itself only stipulates that Member States shall provide for “effective, proportionate and dissuasive penalties” applicable to natural or legal persons that hinder or attempt to hinder reporting, take retaliatory measures against whistleblowers, bring vexatious proceedings against whistleblowers or breach the duty of maintaining the confidentiality of the identity of whistleblowers. As far as Germany is concerned, companies could face fines, in particular, because criminal sanctions against legal persons are not possible under current German law.
Rights of whistleblowers and concerned persons
Whistleblowers have the right to be supported by the competent authorities in protecting themselves against any adverse consequences of their actions. In ongoing court proceedings, they must also be granted access to adequate remedial measures, including preliminary relief. If court proceedings have been initiated against them only because of their report or disclosure, they even have the right to apply for dismissal of the claim.
Concerned persons have the right to an effective remedy, fair court proceedings and the respect for the principle of presumption of innocence. In addition, they must be granted all rights of defence to which they are entitled, including the right to be heard and to inspect his or her file.
We would be happy to assist you in checking your whistleblowing system
We would be happy to assist you in checking whether your existing whistleblowing system will meet the future legal requirements or how a new system can be structured.
For this purpose, we have developed a “Healthcheck for Whistleblowing”. With the help of Q&A you can check if your existing reporting channels/whistleblowing systems, if any, meet the requirements of the Directive or if they need to be amended.
Please follow the link to the “Healthcheck for Whistleblowing“
Your score after completing the questionnaire will provide you with an evaluation of your existing systems and proposals for their further development.
Please do not hesitate to contact us if you would like further advice.