With just approximately two months to go until new whistleblowing laws come into force across Europe, new research shows that many organisations remain somewhat in the dark about what they mean. WhistleB parent company NAVEX Global has surveyed 2,250 people across nine EU member countries to explore the level of awareness and preparedness for the new EU Whistleblower Protection Directive in the region. 

The survey of business leaders shows that a significant minority of 16% have never heard of the Directive. Even among the 83% of respondents that said they were aware of the Directive, just 46% said they fully understood it. 

Two major factors might be behind this finding.

“Organisational agendas have been dominated by surviving the COVID-19 pandemic during the last 18 months so longer-term compliance issues may not have been given the highest priority. And governments have largely been in the same boat, so in some countries the legislation transposing the Directive into local laws is also behind schedule. This might mean the issue hasn't received much bandwidth in the media and other channels,” says WhistleB co-founder Karin Henriksson. 

As 42% of organisations agreed, a lack of awareness is a serious barrier when it comes to compliance. Further, without the final local laws many organisations may feel unable to complete their compliance preparations. 

“I'm afraid that companies that wait are now at risk of ending up in a last-minute GDPR-like situation. But the EU Directive provides a minimum level of requirements that we already know of today. So business leaders needn't feel paralysed until the local laws are in place,” adds Karin Henriksson.

That's good news for anybody who still feels in the dark about the new whistleblowing laws, but wants to avoid an eleventh-hour rush to comply. We recommend companies review the seven minimum requirements (see below), and identify solutions that can help fulfil them. 

  1. A secure channel for receiving whistleblower reports must be put in place.
  2. Acknowledgment of the receipt of the report must be provided to the whistleblower within seven days.
  3. An impartial person or department must be appointed to follow up on the reports.
  4. Records must be kept of every report received, in compliance with confidentiality requirements.
  5. There must be diligent follow-up of the report by the designated person or department.
  6. Feedback about the report follow-up must be given to the whistleblower within three months.
  7. All processing of personal data must be done in accordance with the GDPR.

An executive summary of the findings of the new research from Navex Global  is available here.  The full report containing data and insight will be available later in October.

WhistleB is a GDPR-compliant, secure, technical whistleblowing platform that helps organisations manage whistleblowing cases and comply with the requirements of the new whistleblowing laws across Europe. 

Originally Published 14 October 2021

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.