Data security and whistleblowing systems
How can we balance the shifting obligations regarding data security and whistleblowing systems? Once again this has become a real concern for many companies as they grapple with three complex and currently converging sets of regulations. First, there is the requirement to implement a whistleblowing channel under the imminent EU Whistleblower Protection Directive; second, the need to comply with the GDPR; and third, the need to understand the implications of the Schrems 2 ruling regarding data sharing between the EU and the United States.
Shortly after the Schrems 2 ruling was passed in 2020, WhistleB wrote an article summarising the related legal landscape, our position and how the WhistleB whistleblowing system handles data security. The full article is available here. However, it is worth repeating a couple of the key messages.
As an EU-based provider of cloud-based services, WhistleB is subject to and fully complies with the EU GDPR. The WhistleB system also includes features to help customers comply with the minimum standards provided by the EU Whistleblower Protection Directive. WhistleB is a so-called zero-knowledge provider.
WhistleB cannot disclose customer data to anyone. WhistleB customer data is protected against any disclosure through strong encryption technology in the whistleblowing system. This encryption technology ensures that data is accessible by the customer only, not by WhistleB, any supplier, any authority nor any other third party. A WhistleB customer has full and sole control of the encryption key. Only the customer can decrypt and give anyone access to their data.
Security has always been at the heart of everything we do at WhistleB – to protect both whistleblowers and our customers’ data. We purposefully design market-leading security into our whistleblower system and select the most secure IT providers. Data security and compliance with all applicable laws are and will remain focus points of the WhistleB whistleblowing system.
When it comes to the WhistleB system, we apply encryption as the key to dealing with the deadlock created by Schrems 2. This is nonetheless a tricky web of legal, systems, compliance, security and data matters, not made easier by the range of laws in different jurisdictions. WhistleB is working closely with a number of our law firm partners to share knowledge that will help companies navigate through it and make the best choices for their organisations. Indeed, this is the topic of a presentation given by WhistleB’s Jan Tadeusz Stappers in an online event with our partner SKW Schwarz in Germany.
If you’d like more information about the data security in the WhistleB whistleblowing system, please contact us.
Jan Tadeusz Stappers, LL.M.
Senior Manager, Partnerships