Whistleblowing
Contributing Editors
In this new age of accountability, organisations around the globe are having to navigate a patchwork of new laws designed to protect those who expose corporate misconduct. IEL’s Guide to Whistleblowing examines what constitutes a protective disclosure, the scope of regulations across 24 countries, and the steps businesses must take to ensure compliance with them.
Learn more about the response taken in specific countries or build your own report to compare approaches taken around the world.
Choose countries
Select specific jurisdictions to filter on
Choose questions
Choose the questions you would like answering, or choose all for the full picture.
02. Which companies must implement a whistleblowing procedure?
03. Is it possible to set up a whistleblowing procedure at a Group level, covering all subsidiaries?
04. Is there a specific sanction if whistleblowing procedures are absent within the Company?
05. Are the employee representative bodies involved in the implementation of this system?
06. What are the publicity measures of the whistleblowing procedure within the company?
07. Should employers manage the reporting channel itself or can it be outsourced?
- (-)
08. What are the obligations of the employer regarding the protection of data collected related to the whistleblowing procedure?
09. What precautions should be taken when setting up a whistleblowing procedure?
12. What is the legal definition of a whistleblower?
13. Who can be a whistleblower?
14. Are there requirements to fulfil to be considered as a whistleblower?
15. Are anonymous alerts admissible?
16. Does the whistleblower have to be a direct witness of the violation that they are whistleblowing on?
17. What are the terms and conditions of the whistleblowing procedure?
18. Is there a hierarchy between the different reporting channels?
19. Should the employer inform external authorities about the whistleblowing? If so, in what circumstances?
20. Can the whistleblower be sanctioned if the facts, once verified, are not confirmed or are not constitutive of an infringement?
21. What are the sanctions if there is obstruction of the whistleblower?
22. What procedure must the whistleblower follow to receive protection?
23. What is the scope of the protection?
24. What are the support measures attached to the status of whistleblower?
25. What are the risks for the whistleblower if there is abusive reporting or non-compliance with the procedure?
08. What are the obligations of the employer regarding the protection of data collected related to the whistleblowing procedure?
08. What are the obligations of the employer regarding the protection of data collected related to the whistleblowing procedure?
Flag / Icon
France
France
- at Proskauer
- at Proskauer
The persons who have their data collected and used in the context of a whistleblowing procedure – starting with the whistleblower him or herself – benefit from the guarantees of the European General Data Protection Regulation (GDPR) as follows:
- they must be properly informed about the processing of their personal data, from the very beginning of the whistleblowing process; and
- they can exercise the rights of access, opposition, rectification and deletion guaranteed to them by the "Informatique et Libertés" law of 1978, as amended to adapt French law to the GDPR.
Information that could identify the whistleblower can only be disclosed with his or her consent. In practice it is recommended to obtain written consent.
However, this information can be communicated to the appropriate judicial authority when the employer has to report facts. In such a case, the whistleblower must be informed unless this information would jeopardise the judicial process.
For example, the employer must report the following:
- In the public sector, a constituted authority, public official or civil servant who, in the performance of his or her duties, becomes aware of a crime or misdemeanour must report it without delay to the General Prosecutor and must provide all relevant information, minutes and documents relating to the offence (article 40, paragraph 2 of the Criminal Procedure Code).
- Regarding money laundering, insurers, mutual health insurance companies or credit institutions are required under certain conditions to report to the Tracfin Agency the amounts entered in their books or transactions involving money that they know, suspect or have good reason to suspect come from an offence or are linked with terrorist financing (article L. 561-15 of the Monetary and Financial Code).
Data relating to alerts may only be kept for as long as strictly necessary and proportionate to processing the alert and for the protection of the authors, concerned persons and any third parties mentioned in the alerts, taking into account the time required for any further investigations.
Also, when personal data relating to alerts is collected, it must be kept under the provisions of the GDPR.
Flag / Icon
Germany
Germany
- at Oppenhoff
- at Oppenhoff
The internal reporting office implemented by the employer is, initially, authorised to process personal data insofar as this is necessary for the fulfilment of its task under the Whistleblower Protection Act (10 HinSchG). The wide-ranging processing authority allows the personal data contained in the reports to be both received and analysed by the reporting office. In addition, new personal data may be recorded and further processed during the implementation of the follow-up measures.
The employer's obligation to protect the data collected in the course of the whistleblowing procedure is then directly based on the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act. This means, for instance, that data processing has to be limited to the extent necessary to fulfil the tasks of the internal and external reporting channel – data minimisation principle, (article 5 (1) lit. c) GDPR).
Finally, the processing of personal data is complemented by the confidentiality requirements of internal (and external) offices, (section 8 HinSchG).
Download your results as a PDF
Download as pdf link
Contributors
Australia
Pinsent Masons
Austria
GERLACH
Belgium
Van Olmen & Wynant
Brazil
CGM
Croatia
Babic & Partners
Denmark
IUNO
France
Proskauer
Germany
Oppenhoff
India
Khaitan & Co
Ireland
Arthur Cox
Italy
Zambelli & Partners
Japan
City-Yuwa
Latvia
Ellex Klavins
Lithuania
Ellex Valiunas
Luxembourg
Castegnaro
Malta
Camilleri Preziosi
Nigeria
Bloomfield LP
Poland
Baran Książek Bigaj
Portugal
Cuatrecasas
Romania
STALFORT Legal. Tax. Audit.
Singapore
Braddell Brothers LLP
Spain
Cuatrecasas
Sweden
Lindahl
United Kingdom
Proskauer
United States
Proskauer
Contributors
France
Proskauer
Germany
Oppenhoff