From December 2023, a large number of Danish companies will be required by law to establish an internal whistleblower system. But what does the Whistleblower Directive entail and why should you implement whistleblower software in your company?
In Denmark, we have implemented the Whistleblower Directive by law. From December 17th 2023, all companies with more than 50 employees must have established a whistleblower system. The purpose of the Whistleblower Directive is to address, among other things, gender discrimination, sexual harassment, theft and fraud, violations of EU law, such as GDPR, as well as gross violations of the workplace’s internal guidelines.
This article explains how to make sure your company complies with the law.
How to comply with the Whistleblower Directive
The Whistleblower Directive ensures, first and foremost, that employees and others who report information about a serious offence or information about any breach of a number of EU legal acts – so-called whistleblowers – are protected from reprisals as a result of reporting facts at work.
But the Whistleblower Directive also gives you, as an employer, vital insight into what is going on in your business. The whistleblower system thus becomes a tool for observing your duty to act as an employer and for protecting yourself against possible liability or, in specific circumstances, the publication of information about your company that could damage your brand.
As an employer, you have numerous obligations which you are legally bound to fulfil, when it comes to handling whistleblower reports. These include feedback, documentation, information, investigation and follow-up. As a public authority, you must also prepare an annual overview that must be made public.
In addition, you must appoint an impartial whistleblower unit. The unit may consist of employees from within your company or an external third party, such as an impartial legal whistleblower specialist. The unit’s task is to handle all processes and fulfil all obligations, including assessing whether there have been severe breaches of the law or other serious matters.
What the Whistleblower Directive means for your business
The Whistleblower Directive obliges all companies with more than 50 employees to set up a whistleblower system in the workplace. The deadline for implementing the system is divided into two, depending on the size of the company:
Companies with between 50-249 employees must have implemented a whistleblower system by December 17th, 2023.
Companies with 250 employees or more should have implemented a whistleblower system already by December 17th, 2021.
Companies with fewer than 50 employees can choose voluntarily to establish a whistleblower system. There is nothing to prevent the establishment of a voluntary whistleblower system, but you should be aware that the Whistleblower Directive does not apply to this type of system.
The Whistleblower Directive also obliges companies to establish channels and procedures for reporting and following up on violations of the law, which ensure timely treatment and protection of whistleblowers, including in particular the anonymity of the whistleblower.
A whistleblower system is not only a legal obligation, it is also a digital management tool that contributes to a safe work environment.
What can a whistleblower report?
As a whistleblower, you can report any breach of EU law.
Among other things:
- Public procurement
- Environmental protection
- Public health
- Product safety
- Financing of terrorism
- Financial services
- Consumer and data protection
- Prevention of money laundering
A report may also concern serious offences under Danish law:
- Theft or fraud
- (Sexual) harassment
- Bribery or embezzlement
- Breach of confidentiality
- Misuse of funds
- Breach of internal guidelines
So, the types of reports can be many, and it requires a legal professional to deal with the reports and make a decision so that your system complies with the requirements and legislation. At A Close Shave, we also provide legal assistance so you don’t have to deal with the cases yourself.
What are the requirements for your whistleblowing system?
The Whistleblower Directive sets out a number of requirements for a company’s internal system, to which your company is required to adhere. The whistleblower system must therefore meet certain requirements regarding your reporting channel and reporting procedure.
Requirements for your reporting channel:
- The channel must be secure and comply with GDPR rules and other cyber security regulations.
- The channel must ensure confidentiality of the whistleblower’s identity and other mentions.
- The channel can be handled internally or by an external system, e.g. Whistle Advisor with an associated legal specialist.
- Reporting should be possible in writing and/or orally over the phone or via a voice messaging system. All company employees should be able to report through the channel, while other persons (e.g. suppliers and business partners) may be given the opportunity to report.
The types of reports can be many, and it requires a legal professional to deal with the reports and make a decision so that your system complies with the requirements and legislation.
Requirements for your reporting procedure:
- An impartial person or department should be designated to receive reports, request additional information and carry out the necessary follow-up.
- The whistleblower must receive confirmation of the report within seven days.
- The whistleblowing report must be dealt with and the whistleblower must receive feedback on the outcome within 3 months of the report. Whistleblowing reports should only be kept for as long as necessary and generally in accordance with the principles of data protection rules (GDPR) and good data processing.
Need help setting up a whistleblower system?
In cooperation with LegalTech Denmark, A Close Shave offers the Whistle Advisor whistleblower platform.