Skip to main content
News

The Whistleblower Directive

21. October, 2021No Comments

The Whistleblower Directive

Directive (EU) 2019/1937 of the European Parliament and of the Council on the protection of persons who report breaches of Union law – the Whistle-blower Directive – entered into force on 23 October 2019, and the deadline for its transposition into the national law of the Member States expires on 17 December 2021. Implementing the Directive will thus bring into force new rules that set out clear procedures for notification and employers’ obligations, secure reporting channels, and prevent retaliatory measures and, therefore, provide comprehensive whistleblower protection. A draft of a law transposing the Directive into Slovenian national law has not yet been published. 

The Directive provides the basis and minimum standards for protecting persons who report breaches in numerous areas of Union law. These areas include public procurement, financial services and anti-money laundering, privacy and personal data protection, tax law and a host of other areas. 
Under the Directive, legal entities in the public and private sector who employ 50 or more employees will be required to establish appropriate IT systems, procedures or channels for reporting and investigating reports, as well as protecting whistleblowers. All channels will have to allow for confidentiality and protection of the identity of both the reporting person and the person against whom it was filed. The Directive provides for different structures of channels and procedures for different types of breach report. In this respect, a distinction is drawn between: (i) internal reporting (reporting made within the legal entity); (ii) external reporting (reporting made to the competent (public) authorities); and (iii) public disclosure (providing information on breaches directly to the public). To comply with the Directive, the above-mentioned legal entities will have to establish appropriate internal channels – designed, established and managed securely – to ensure the confidentiality of the whistleblower and any third parties mentioned in the report and prevent unauthorised personnel from accessing these channels and communication concerning the report. The procedures must provide for acknowledgement of receipt of reports, designation of an impartial person or department responsible for following-up on the reports, and a system for providing feedback or closure of the procedures within three months from acknowledgment of receipt of a report. Legal entities covered by the Directive will be required to keep proper records of reports. 
The new whistleblower protection rules protect not only reporting persons i.e. persons who have in one way or another acquired information on breaches in a work-related context (employees, external partners, former employees and even job applicants, etc.), but also all third parties connected in one way or another to reporting persons (e.g. facilitators) or who may suffer retaliatory measures in the workplace, e.g. a whistleblower’s relatives or co-workers. 
To ensure the effective enforcement of the Directive or the relevant national legislation, the Directive also provides for appropriate safeguards for reporting persons or whistleblowers. In this context, measures to protect whistleblowers from retaliation include protection against loss of employment, transfer or demotion, withholding of promotion, imposition of disciplinary and other measures. To this end, in addition to the prohibition of retaliation per se, the Directive also provides for the provision of effective, proportionate and dissuasive penalties for legal and natural persons that hinder or attempt to hinder whistleblowing, retaliate against whistleblowers or breach the duty of maintaining the confidentiality of the identity of whistleblowers. 
The duty to establish a robust whistleblower protection mechanism will see most legal entities return to familiar ground shortly as a similar process ensued following the adoption of the General Data Protection Regulation in 2018. 
Author: Eva Možina, Attorney-at-Law