© WHISTLEB WHISTLEBLOWING CENTRE 2019 [email protected] www.whistleb.com
How ready is your organisation to comply with the new EU Whistleblower Protection law?
A checklist
Read through the checklist obligation by obligation. Then contact us so we can help you turn your no’s into yes’s to comply with the EU Whistleblower Protection law.
Do you already have a whistleblower system in place?
Yes: You are off to a good start. Continue to the checklist against legal obligations on the next page.
No: Contact WhistleB to discuss the best whistleblowing system option for your needs.
Confidentiality of the identity of the whistleblower
The law says: The procedures for reporting and following-up of reports shall include channels for receiving the reports which are designed, set up and operated in a secure manner that ensures the confidentiality of the identity of the reporting person and any third party mentioned in the report, and prevents access to non-authorised staff members.
1. Does your whistleblower system allow a whistleblower’s identity to remain confidential? YES NO
2. Can you open up the system to external parties such that it also protects their identities? YES NO
3. Are identities protected all the way from reporting to archiving of cases? YES NO
4. Is access to your case management system adequately secure, for example with multifactor authentication for staff members? YES NO
5. Is your system vulnerability and penetration tested by external parties? YES NO
Response times
The law says: The procedures for reporting and following-up of reports shall include an acknowledgment of receipt of the report to the reporting person within no more than seven days of that receipt.
6. Does your whistleblower system automatically and immediately give a notification to the whistleblower confirming receipt, while maintaining anonymity of the whistleblower? YES NO
7. Can the whistleblower team be notified immediately that a report has been received? YES NO
8. Can your system scale up to take an increase in the number of reports if needed? YES NO
9. Are you able to create standard response messages? YES NO
10. Do you have a dedicated person/team to receive the reports? YES NO
WHISTLEB´S BEST ADVICE ON HOW TO COMPLY WITH THE EU WHISTLEBLOWER PROTECTION DIRECTIVE
Contact persons
The law says: The procedures for reporting and following-up of reports shall include the designation of an impartial person or department competent for following up on the reports (…) and which will maintain communication with and, where necessary, ask for further information from and provide feedback to the reporting person.
11. Do you have competent resources in place for following up on reports in an appropriate manner? YES NO
12. Does your system allow you to add the competences you need per case? YES NO
13. Do you have a system and the skills and routines in place to handle investigations? YES NO
14. Does your whistleblower channel allow you to add external experts securely into the case handling process? YES NO
Follow-up
The law says: The procedures for reporting and following-up of reports shall include diligent follow-up to the report by the designated person or department, diligent follow-up where provided for in national law as regards anonymous reporting, and a reasonable timeframe to provide feedback to the reporting person about the follow-up to the report.
15. Do you have a channel through which the whistleblower can add pictures, videos, text documents and other file formats, and that cleanses metadata? YES NO
16. Does your whistleblower system include a case management tool that is integrated with the reporting channel? YES NO
17. Does your whistleblower channel allow for a dialogue with either an anonymous or non-anonymous whistleblower? YES NO
18. Does your system allow secure translation support for communication in multiple languages? YES NO
Communication & information
The law says: The procedures for reporting and following-up of reports shall include clear and easily accessible information regarding the conditions and procedures for reporting externally to competent authorities and, where relevant, to institutions, bodies, offices or agencies of the Union.
19. Do you provide clear and easily available information to employees about how and where they can report concerns, including their options for external reporting? YES NO
20. Is such information adapted for each country in which you operate? YES NO
21. Is the information available automatically when people access your whistleblower system? YES NO
22. Are your policy documents, Code of Conduct and related training materials updated to inform employees on behaviour, such as “retaliation”, that would be in breach of the EU Whistleblower Protection Directive? YES NO
GDPR Compliance
The law says: Any processing of personal data carried out pursuant to the Directive must comply with the GDPR.
23. Is your whistleblower system fully compliant with the GDPR in all EU countries in which you operate? YES NO
24. Does your system automatically allow deletion of personal data when the case is closed? YES NO
25. Do you inform potential users correctly about national differences in reporting? YES NO
Record keeping of the reports
The law says: Authorities, private and public legal entities must keep records of every report received, in compliance with the confidentiality requirements provided for. Reports shall be stored for no longer than it is necessary and proportionate.
26. Does your system keep a user and case log of each case? YES NO
27. Does your system allow for deleting personal data in line with the GDPR? YES NO
For more information about the EU Whistleblower Protection Directive, or if you have further questions concerning corporate whistleblowing, please contact:
Karin Henriksson
Founding [email protected]
+46 70 444 32 16
Contact us if you would like a free consultation on your readiness for compliance.
Join the WhistleB webinar to find out what the EU Whistleblower Protection Directive means for you.
WhistleB is a global whistleblowing service provider and business ethics & compliance expert. We help customers to foster a safe and more transparent work environment. The WhistleB system is currently used in more than 150 countries.