How does the WhistleB whistleblowing system support compliance with the EU Whistleblower Protection Directive?
The WhistleB system supports compliance with the EU Whistleblower Protection Directive (“the Directive”) requirements, helping organisations to reduce compliance risk. It ensures confidentiality, security, prompt feedback, diligent case management, privacy by design and default and much more.
Moreover, the WhistleB team monitors national legislation to support compliance with the Directive and its transposition into national laws as these evolve over time.
Organisations should take into account the following minimum requirements of the Directive. WhistleB helps you to meet them:
1. Obligations of the Directive: A channel for receiving whistleblower reports must be put in place. The channel needs to be designed, set up and operated in a secure manner that ensures the confidentiality of the identity of the whistleblower and any third party mentioned in the report, and prevents access to non-authorised staff members. Such channels must allow for reporting in writing and/or orally, by telephone or other voice messaging systems and, upon the request of the whistleblower.
The WhistleB whistleblowing system ensures the whistleblower and any third party’s information remains confidential throughout the entire process. Anonymity of the whistleblower is guaranteed via the technical functionality of the system, both during reporting and follow-up. All communication is end-to-end encrypted in storage and in transit. Two-factor authentication ensures secure access to the Case management tool, so that reports are only accessible by authorised individuals.
2. Obligations of the Directive: An acknowledgment of the receipt of the report must be provided to the whistleblower within no more than seven days after receipt.
The WhistleB system allows feedback to be provided to the whistleblower within seven days. It also sends a notification to the person responsible when new reports have been received.
3. Obligations of the Directive: An impartial person or department must be designated for following up on the reports, maintaining communication, asking for further information and providing feedback to the whistleblower.
The WhistleB Case management tool is designed to ensure that users manage cases according to the Directive, from providing the service to reception, investigation, closing, archiving and deleting a case.
4. Obligations of the Directive: Records must be kept of every report received, in compliance with confidentiality requirements.
The WhistleB system includes Activity and User logs for secure record keeping of all stages of case management.
5. Obligations of the Directive: There must be diligent follow-up of the report by the designated person or department, also covering anonymous reporting, where provided for in national law.
The Case management tool within the WhistleB system provides secure follow-up tools to support these requirements. It allows cases to be assigned to different teams for processing, and discussions can be held between team members securely within the system. External specialists, for example investigators or legal professionals, can also be securely added to the team on a case-by-case basis. In addition, the WhistleB Resource Centre provides relevant information on national legal requirements regarding follow up.
6. Obligations of the Directive: A reasonable timeframe must be applied for providing feedback to the whistleblower about the report follow-up, within three months of the acknowledgment of receipt.
The WhistleB system allows feedback to be provided to the whistleblower about the investigation process within three months. This includes anonymous whistleblowers.
7. Obligations of the Directive: All processing of personal data must be in accordance with the GDPR.
The WhistleB system enables users to comply with GDPR requirements for the handling of personal data, as well as protection by default and by design. The system is strongly encrypted, and all data is stored in secure servers located in the EU. Access to data is only possible by individuals appointed by the customer.
If you would like to find out more about how the WhistleB system supports compliance with the EU Whistleblower Protection Directive, book a free demo at this link. Otherwise contact us.