The scope of the Whistleblower Protection Act
On 24 June 2021, Denmark passed a Whistleblower Protection Act in accordance with the requirements set out in the EU Whistleblowing Directive (2019/1937) of 23 October 2019.
The new Danish Act stipulates that all employers, both private and public, with at least 50 employees must set up an internal whistleblower system through which employees can raise concerns.
The internal whistleblower system must be available to all employees in the company. It is optional for the employer to make the whistleblower system available to other persons than employees, e.g. self-employed consultants working for the company.
The requirements of the internal whistleblower system
The internal whistleblower system must comply with several requirements and procedures including that the system must ensure that whistleblowers can raise concerns either orally or in writing. In addition, the system must be set up to ensure confidentiality as to the identity of the whistleblower, and all employers must document the implementation of and the procedures for the whistleblower system in writing.
The employer must establish an internal "whistleblower unit" by appointing an impartial person or department within the company or by using an externally independent third party. This unit must receive and follow up on concerns and be in contact with the whistleblowers. In addition, the unit must ensure (i) that the whistleblowers receive confirmation of receipt of the concerns within seven days, (ii) that the concerns are followed up on and (iii) that the whistleblowers receive feedback as soon as possible and no later than three months after the confirmation of receipt.
External whistleblower system
From 17 December 2021, an independent and external whistleblower system has been set up within the Danish Data Protection Agency. This may be used as a supplement to the internal whistleblower systems so that whistleblowers may contact the external system directly instead of using the internal systems. The external system will also make it possible for e.g. employees in small workplaces with less than 50 employees and consequently without an internal whistleblower system to raise concerns.
Concerns
The concerns that can be raised are breaches in specific areas of EU law such as environmental protection, consumer rights, etc. and other serious breaches of law or serious circumstances such as information about crime, for example misuse of financial funds, embezzlement, sexual harassment, etc. Minor breaches are not covered. It depends on a specific assessment in each case whether a concern raised is considered a serious breach or circumstance, and it is ultimately for the courts to decide whether a concern raised falls within the scope of the Act.
Protection of the whistleblower
The Act protects whistleblowers against reprisals including dismissal and other detrimental treatment when the whistleblower raises a concern that he or she has become aware of in connection with work-related activities, and the information falls within the scope of the Act.
If an employee proves that he or she has raised a concern and suffered detrimental treatment, the employer must prove that it was not retaliation due to raising the concern. The whistleblower is entitled to compensation if he or she has been subjected to reprisals, and it is also possible that dismissal may be cancelled.
Deadline for implementation
The rules entered into force for public authorities and for private companies with more than 249 employees on 17 December 2021. The rules will enter into force on 17 December 2023 for private companies with 50-249 employees. This is in line with the EU Whistleblowing Directive's deadline for implementation.
If an employer fails to set up a whistleblower system before the rules enter into force, the employer may be fined.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
