WhistleB Trust Centre

At NAVEX WhistleB, we prioritize data privacy and protecting our customers. Our data centers are located within the EU, using customer-controlled encryption to ensure sensitive data remains secure. The storage of customer data is also compliant with the General Data Protection Regulation (GDPR).

To consistently uphold our priorities, we focus on four key aspects

1 Advanced data privacy and security settings
2 A flexible, reliable service platform
3 Commitment to legal compliance globally
4 Adherence to ISO 27001

Advanced data privacy and security settings

Prioritized data protection

Protecting sensitive data is vital for our customers – and it’s at the heart of all NAVEX WhistleB functions. By default and design, security is embedded within the system, protecting organizations across Europe and the world and ensuring their confidential data remains confidential.

How we protect data

  • Secure multi-factor authentication
  • Intrusion detection and prevention
  • Data encryption in transmission and storage
  • Activity logs by case and by users
  • Redundancy of data to prevent loss

A flexible, reliable service platform

Secure data storage

We use Microsoft Azure as our hosting and development platform service, which gives us the most comprehensive compliance offerings, certifications and 24/7/365 operation.

These platform services have data center security measures to protect against power failure, physical intrusion and network outages.


Microsoft Azure has a broad range of certifications and is committed to their annual renewal. Their certifications include:


  • ISO 27001 – the international standard for information security management
  • ISO 27018 – the international standard for protecting personal data in the cloud
  • Cloud Security Alliance


You can access Microsoft Azure’s security management and compliance statements through the Microsoft Trust Center.


Commitment to legal compliance globally

Legal compliance

NAVEX WhistleB operates and complies with current data protection laws in 150 countries, including the EU Global Data Protection Regulation (GDPR) and the EU Whistleblower Protection Directive.

How we meet essential GDPR requirements

Data is stored in the EU with customer-controlled encryption, so NAVEX and its suppliers are unable to access sensitive customer data.

Microsoft Translator is included in the NAVEX WhistleB case management tool. Text submitted through the safe machine translation function is not stored or written to persistent storage; the functionality of Microsoft Translator is GDPR compliant.


Adherence to ISO 27001

NAVEX WhistleB Information Security Management System

Our Information Security Management System (ISMS) complies with ISO/IEC 27001:2017. It ensures information security and personal data management are considered throughout the service lifecycle.

Information security

The ISMS governs NAVEX WhistleB’s internal processes and our relationships with customers, partners and suppliers, helping us ensure customer data confidentiality, integrity and availability.

Schrems II and how it affects whistleblowing systems

Read more

WhistleB compliance offerings


Kenneth Magnusson

Quality Manager, NIBE

"The WhistleB Case management tool provides us with a user-friendly interface that enables dialogue with an anonymous whistleblower, secure translations and third party investigations. The service was efficiently implemented. WhistleB took the lead for the entire implementation process.”

Håkan Zinders

Sustainability manager, Almi

"Both for our management and for the owner the whistleblower system is a hygiene factor.”

Pehr Ohlsson

Head of Labour Relations, Axfood

WhistleB delivers good service and is attentive to any possible development needs of the system.”

Anna Annerås

Director, Ecolean

“ With a credible whistleblowing system we show that we care about our employees and how we conduct our business. WhistleB filled all our criteria as a supplier; they had thorough whistleblowing expertise and a system that creates confidence through a high level of safety and stylish design. WhistleB has been incredibly professional and service-oriented.”

Sajan Parihar

Director, Microsoft Azure Platform, Microsoft

“We’re happy to welcome WhistleB’s solution to the growing Azure Marketplace ecosystem.” WhistleB – Microsoft Azure »

Madeleine Jennefelt

Legal Counsel, Resurs Holding

We are very satisfied with the service that WhistleB offers. The interface is user-friendly and the system ensures anonymity and transparency. The implementation was carried out efficiently and we got valuable advice and assistance throughout the roll-out phase.”

Caroline Jakobsson

Head of Corporate Governance, Stena Group

WhistleB is an easy to use system, with relevant features that facilitate the monitoring of reported cases. It is easy to stay in touch with the whistleblower, who remains completely anonymous and we are notified by e-mail as soon as a new report or a follow up answer is received. With the professional guidance of the WhistleB team the system was very easy to implement.”

Johan Ek

Senior Legal Counsel, Swedfund

WhistleB has a thorough knowledge in the field of organizational whistleblowing, provides a global tool, that is easy to adapt, and has a service minded attitude.”

Tuija Luukkanen

Corporate Responsibility Manager, Tornator

“The cooperation with WhistleB has been smooth and effortless. The whistleblowing system was implemented with a tight schedule. We have also opened a phone reporting hotline for one of our markets.”

Gunilla Hadders

Founder of WhistleB

“We have packaged our years of experience in the WhistleB off-the-shelf whistleblowing system, so our customers can enjoy a straightforward launch of a modern whistleblowing system.”

Biörn Riese

WhistleB Advistory Board

“The purpose of whistleblowing is to create a simple channel, reducing risks and increasing transparency. A whistleblowing system must be able to handle sensitive information and personal data in an accurate and credible way. This is why it is excellent that WhistleB’s whistleblower system is both ISO 27001 certified and GDPR reviewed."

WhistleB policies