What is the current status of the Polish Whistleblower Protection Law?
There is currently no comprehensive Polish Whistleblower Protection Law, although the country has a patchwork of whistleblower laws that allow the reporting of certain types of misconduct internally and to regulators. In terms of transposition of the EU Directive, a draft bill on protecting individuals reporting breaches of law, was published by the Ministry of Family and Social Policy in October 2021. This has still not been adopted by the government. On 15 December 2021, a government representative stated that a version will be presented to both the European Committee and the Standing Committee of the Council of Ministers in the first quarter of 2022.
According to the current version of the bill, legal entities in the private sector with 50 to 249 workers need to comply with the new laws by 17 December 2023. Organisations employing 250 people or more will be required to comply with the new law, in particular with regards to implementing an internal reporting channel, within two weeks of the law coming into force.
The Ministry of Family and Social Policy created a draft whistleblowing protection bill, in October 2021, to incorporate the EU Whistleblower Protection Directive. It is expected to be presented to the Polish Government soon. Poland currently has no whistleblower protection laws, though a few Polish national laws cover certain types of misconduct.
What to do while awaiting the Polish Whistleblower Protection Law
Given the very short timeframe for larger organisations to implement the Polish Whistleblower Protection Law, they should already be reviewing and preparing internal processes for compliance with the Bill. Since the proposed Bill largely reflects the key principles of the EU Directive, the Directive’s minimum standards, that will apply in all member states and to all organisations with more than 50 employees, are a good place to start. Organisations may therefore choose to familiarise themselves with these minimum requirements (see below), and identify solutions that can help fulfil them.
- A secure channel for receiving whistleblower reports must be put in place.
- Acknowledgment of the receipt of the report must be provided to the whistleblower within seven days.
- An impartial person or department must be appointed to follow up on the reports.
- Records must be kept of every report received, in compliance with confidentiality requirements.
- There must be diligent follow-up of the report by the designated person or department.
- Feedback about the report follow-up must be given to the whistleblower within three months.
- All processing of personal data must be done in accordance with the GDPR.