What are our obligations under the new EU Whistleblower Protection directive?

January 7, 2020

QUESTION 1:Now that the new directive has been passed, compliance and legal officers in all public and private organisations with 50 or more employees should be asking, “What are the obligations of the EU Whistleblower Protection directive? In a nutshell, your organisation must provide a whistleblowing channel. But this is not enough. The channel must also adhere to these requirements:

  1. Confidentiality of the identity of the whistleblower. Channels for receiving reports must be set up to ensure the confidentiality of the whistleblower and prevent access to non-authorised persons.
  2. Response times: There must be an acknowledgment of receipt of the report within seven days.
  3. Impartial receiver(s) of reports need to be appointed. Such person(s) should have the competence to follow up on reports and to communicate with the whistleblower.
  4. Follow-up: Diligent follow-up to the report and a reasonable timeframe to provide feedback to the whistleblower is required.
  5. Communication: There should be information regarding the conditions and procedures for reporting externally, for example to competent authorities and to the media as a last resort.
  6. GDPR compliance: Any processing of personal data carried out pursuant to the Directive must comply with the GDPR.
  7. Record keeping: Organisations must keep records of every report received, in compliance with the confidentiality requirements. Reports shall be stored for no longer than necessary.

The good news is that WhistleB’s whistleblowing system has everything organisations need to comply with the new directive.

Aside from the functioning of the whistleblower channel, though, the EU Whistleblower Protection directive requires penalties against those who attempt to hinder reporting, retaliate against whistleblowers, attempt to bring proceedings or who reveal the identity of the whistleblower. Any threats or attempts to retaliate against whistleblowers are also prohibited. Organisations therefore need to communicate zero-tolerance for such behaviour and inform employees that it is indeed illegal.

What are the obligations of the new EU Whistleblower Protection directive? For more detailed information and our recommendations, read our Top Tips for EU Whistleblower Protection directive readiness.  You can also download a pdf of our Checklist for preparing for the EU Whistleblower Protection directive.

For more information about the EU whistleblower protection directive contact us.

Karin Henriksson,
Founder and Partner at WhistleB
+46 70 444 32 16


Your message was successfully send. We will get in contact with you as soon as possible.

There seems to be some problem when sending your message. Try again soon.