Karo-1.png

What is a Whistleblower?

In recent years, whistleblowers have repeatedly made headlines. Most recently, the Wirecard scandal certainly attracted the most attention and is therefore probably the most prominent example of whistleblowing at the moment. The public discussion in connection with the handling of whistleblowers is getting louder and in 2019 an important legal impulse for the protection of whistleblowers was set with the entry into force of the EU Whistleblower Directive. What is a “whistleblower” and how is it defined more precisely under this new EU Directive?

What is a Whistleblower? [Definition]

Well-known cases of whistleblowers include Julian Assange and Edward Snowden, but what is a whistleblower actually?

First of all, a whistleblower is “only” a natural person who reports information about wrongdoing in companies or public institutions. The person must have obtained this information in connection with his or her work. There is no standard in terms of content – it can be information about grievances of considerable scope, such as criminal offences or general dangers for employees or the entire company. However, it can also be less serious incidents, such as ethics violations or violations of internal policies.

This definition is deliberately based on the EU Whistleblowing Directive, as it stipulates who is to be protected when reporting information via a whistleblowing system. The EU Directive is authoritative for national implementation in all EU member states (in Germany: Whistleblower Protection Act). 

Who can be a whistleblower?

The above-mentioned natural persons protected by the EU Whistleblowing Directive include all employees of a company: i.e. not only current full-time or part-time employees, but also trainees, former and future employees.  

Accordingly, employees constitute the largest group of potential whistleblowers. Members of the management or other persons in leading positions as well as members of the supervisory board and shareholders are also protected as whistleblowers under the EU Whistleblowing Directive. Outside the company, customers, contractors and suppliers can also be whistleblowers.  

In summary, the EU Directive includes all groups of people who are connected to your company and can thus obtain information about wrongdoing. 

What is the Whistleblower Directive?

The EU adopted a Whistleblower Directive for the first time in October 2019, which applies to almost all companies in the EU. The Whistleblower Directive had to be transposed into national legislation in the form of a Whistleblower Protection Act by the end of 2021 at the latest. This creates new challenges for companies. Find out in this article whether your company is covered by the directive. Read which requirements an internal reporting system in your company must fulfil and how you can protect yourself from whistleblowers disclosing company secrets to the public with impunity. 

In the EU, the protection of whistleblowers has not been uniformly regulated until now. This leads to unequal treatment and legal uncertainty. In order to enable fair competition and a well-functioning internal market within the EU, uniform standards are to be introduced in all EU states with the implementation of the EU Whistleblower Directive.

Which issues are covered by the EU Whistleblower Directive?

For all EU states, any whistleblower who reports violations of EU rules should be protected:

The EU states now have to transpose the Whistleblower Directive into national law. However, the EU standard is not to be undermined in the process. States may be stricter and add additional national areas of application. What is the situation in Germany? Compared to other EU states, Germany has so far performed poorly in the legal protection of whistleblowers. In the past, EU directives were always implemented on time, with German thoroughness. 

The implementation deadline for the EU Whistleblower Directive is the end of 2021. So far, the German government has not passed a Whistleblower Protection Act. Both draft bills submitted, the last one from April 2022, were rejected. After that, it was clear that the law would not be passed before the federal elections.

How must companies in the EU deal with whistleblowers in the future?

Affected companies should prepare for the implementation of the German Whistleblower Protection Act and meet the standards required by the Directive.

Before you ask yourself how the implementation of the EU Whistleblower Directive looks like in your company, you can find out below whether your company is affected and which requirements are specified by the EU Whistleblower Directive.

Is your company affected?

Affected are:

All authorities, state and regional administrations as well as municipalities with more than 10,000 inhabitants are also affected. Companies with up to 249 employees are expected to have an extended implementation period until 2023.

Expectations of companies

The expectations for reporting systems in companies are set out in great detail in the EU Whistleblower Directive. The most important for you in a nutshell:

Companies must process the incoming reports as following:

Our tips for installing a whistleblower reporting channel

Appoint at least two contact persons who are perceived by employees as neutral and trustworthy, so that responsibility is regulated transparently in the event of a substitution. In addition, appoint an external contact person. If the internal responsible persons then unexpectedly become unavailable, the functionality of the reporting channel can be preserved.

There are many different reporting channels for whistleblowers. Choose those that automatically monitor compliance with the deadlines for you.

How should a whistleblower be able to proceed?

According to the new EU Whistleblower Directive, a whistleblower should first inform his or her employer of the observed violation of the law through the internal reporting channel. It is important to look closely here. A whistleblower can directly contact the competent authorities and the public if:

Tips:

This way you can ensure that the information reaches you first and you can take necessary action.

Which link do the protected whistleblowers have to have with the company?

According to the EU Whistleblower Directive, a whistleblower worthy of protection is anyone who has obtained information about violations of the law in a professional context:

Protection only exists if a whistleblower could assume that the information was true and fell within the scope of the Directive.

Tip: 

With this in mind, you as a business owner should consider opening your reporting channels to suppliers as well. In this way, you ensure holistic protection of persons connected to the company.

What about groups of people not mentioned in the Whistleblower Directive?

The fear of misuse often reflexively comes into focus. What happens if competitors want to boycott your company? What if other people want to publish information that could harm your company? These groups of people are not covered by the Directive’s protection. And most importantly, there is no statistical evidence that the introduction of a whistleblowing system leads to an increase in false reports or a wave of “whistleblowing” in the company. 

What measures may a company take against whistleblowers?

Admittedly, if an employee goes directly to the authorities or to the public, the human disappointment is great. Why didn’t he say anything? Breach of loyalty, abuse of trust, betrayal … If a scandal then threatens, the call for revenge and retribution is great. The EU Whistleblower Directive has prevented this. The catalogue of prohibited reprisals is very comprehensive and reads like a “Who’s Who” of interpersonal instruments of torture. To the point:

Whistleblowers are to be protected from all direct and indirect reprisals! This also includes the protection of third parties who are in close contact with the whistleblower.

Attention:

Conclusion - What is a whistleblower?

The EU Whistleblower Directive provides comprehensive protection for whistleblowers. At first glance, this puts companies at a disadvantage and puts them at high risk of disclosing company secrets. At second glance, the EU Whistleblower Directive is a great opportunity for companies. Employees, suppliers and governing bodies are the first to see when something goes wrong in the company. As a rule, it are individuals who harm the company with their actions. As an entrepreneur, you only find out about it if this behaviour can be reported internally without personal risk. As an entrepreneur, you can help to ensure that this happens.

Appoint external or internal persons of trust whom employees can also contact personally if they wish to submit reports confidentially but not anonymously. In addition, set up a whistleblower system that guarantees anonymity to whistleblowers. This should be easily accessible and very simple to use, regardless of education level. Talk positively about whistleblowing and its great importance for the long-term success of your company. Explain internal reporting channels in a way that is understandable and transparent for all employees.

Would you like to learn more about the lean and fast option of a digital whistleblowing system to implement the EU Whistleblowing Directive? Then feel free to contact one of our experts for a personal discussion and an appointment for a software demo.

Why wait any longer?

Compliant in 5 minutes

Our solution fits to your clients?

Join our partner program

Whistleblower Software von LegalTegrity
in 5 Minuten kennenlernen

Bevor Sie einen Live Demo Termin bei LegalTegrity buchen, können Sie unsere Software in nur 5 Minuten kennenlernen. Fordern Sie unser Demo-Video an, um einen Überblick aller wichtigen Funktionen und Gestaltungsmöglichkeiten des Systems zu erhalten. Sie erhalten das Demo-Video per Mail.