What is the EU Whistleblowing Directive?

On the 16 April 2019, the EU Whistleblowing Directive was passed by the European Parliament, giving all whistleblowers better protection when they come out to the public about negligent acts or corruption within the organisations they work for.

Today’s reality of whistleblowing

Of course, there are also hundreds of whistleblowing cases which never make it to the headlines, and those whistleblowers often struggle the most. The European Union decided to make it easier for whistleblowers to come out against wrongdoing and give them more legal protection, so they introduced the EU Whistleblowing Directive.  Read the European Parliament press release.

We’ve all heard of famous whistleblowers, #MeToo and we hold their actions in esteem, but we are also aware of the sacrifices they’ve had to make after the fact. Whistleblowers are initially commemorated in the media for their bravery, but they are also scrutinised and once the dust settles they are often left feeling ostracised and lose their jobs or are forced to leave.

Why was the Directive introduced?

The Whistleblower Directive was introduced to acknowledge the sacrifices whistleblowers are forced to make when they come out against wrongdoing; such as a loss of employment, scrutiny by the media, and damage to mental and physical health. It’s designed to give whistleblowers a safe place to report their concerns.

What does this mean for businesses?

For businesses in the EU, the directive means that businesses with fifty or more employees and more than €10million in annual turnover will need to set up internal reporting channels so concerns can be made confidentially, and maintain a specific standard for record-keeping, confidentiality, and investigation.

As a business, what do you need to know?

As a business with fifty employees or more (and a turnover of at least €10million) operating within the EU, you need to be aware that:

  1. The Whistleblowers Directive applies to job applicants and former employees as well as current employees, and extends to supporters of the whistleblower and journalists.

  2. Whistleblowers are protected from dismissal, degradation, and discrimination.

  3. The protection only extends to reports of wrongdoing concerning EU law. So, it applies to things like money laundering, tax fraud, product safety, road safety, public procurement offences, environmental protection issues, public health violations, and data protection.

  4. The whistleblower can choose whether to report the concern internally or directly to the correct authorities and can go to the media if they believe it is in the public interest.The Whistleblower Directive protects them in both scenarios.

7 Things you need to do as a business to comply

  1. If you have 250 employees or more, you need to set up the correct internal channels within two years, while businesses of 50-250 employees have a further two years to comply. If you are the latter, you may use a shared reporting channel.

  2. Whistleblowers are allowed to submit their reports in writing (via physical mail or an online system) or orally (via a telephone hotline). You are also obliged to provide a personal meeting if the whistleblower requests it. You must keep their identity confidential, regardless of how they choose to submit their report. You should make these channels available 24/7, allow reports to be anonymous, and be accessible to all.

  3. All personal data must be handled in accordance with GDPR, be that of the whistleblower or any people accused.

  4. You must determine the most suitable person within your company to investigate these reports. This can be a compliance officer, Head of HR, CFO, board member, or legal counsel. You can also outsource the processing of these reports. 

  5. You must confirm receipt of the report to the whistleblower within seven days, and you must inform them of any action you have taken within three months, as well as the status of the investigation and the outcome when concluded.

  6. You must provide the competent authority with information on the internal reporting process, and this information must be easily understood (and accessed) by employees, business partners, service providers, and suppliers.

  7. You must keep all reports in a secure place.

What if these expectations aren’t met?

If a business is unable to or fails to comply with the directive, through negligence or an attempt to coverup a report or prevent a whistleblower from reporting, there will be serious penalties. The same applies if you fail to keep the identity of the whistleblower confidential. If there are any attempts at retaliation at the whistleblower, these actions will also not be tolerated.

picture of man holidng a whistle

How to set up internal reporting channels

As mentioned above, if you are an organisation with 250+ employees you have two years from the 16 September 2019 to set up suitable internal reporting channels, so the sooner you comply, the better. You need to implement a system which removes the fear of repercussion for your employees, job seekers, and former employees, and gives anyone who needs to raise an issue a strong voice to be a power for good.

Further information on how to build a successful speaking up process in your organisation can be found in our free E-book. If you have any questions or concerns about the implications of this Directive on your organisation, give us a call and we’d be happy to take you through it.

WorkInConfidence is the industry leading people involvement platform: One place to MEASURE where you are at any time with pulse, mini or full surveys, DISCUSS how to improve on forums and RAISE ideas or concerns anonymously directly with senior management and have an ongoing discussion. Contact us today to find out more or arrange a demonstration.