New year, new whistleblowing directive

Does your company have 50* or more employees? If so, you will have less than 11 months to put in place policies and procedures to be compliant with the upcoming EU whistleblowing directive.

The EU whistleblowing directive 

The new EU whistleblowing directive means that you need to set up a practical structure within your organisation to handle whistleblowing reports, and inform anyone who is eligible to provide a report, no later than the 17th of December this year. 

What is whistleblowing?

Whistleblowing is when someone involved with your company (ranging from employee to subcontractor) notices, or suspects, any acts of unethical, illegal, or dangerous behaviour within your company (covering all levels from directors down to substitutes), and "whistleblows" by submitting a report directly to the company. 

Whistleblowing is regulated by an EU directive, which means that it will be implemented slightly differently throughout the EU member states. The purpose of the legislation is to protect whistleblowers from being reprimanded, as well as to give companies a chance to take action internally before the whistleblower calls for attention externally.

2 Key Points of the EU directive:

  • Processes for receiving whistleblowing reports

The directive requires processes to be in place to allow whistleblowers to submit reports in writing, verbally and/or, if requested, at a physical meeting. It is therefore crucial that you review and adjust your current reporting procedure as soon as possible to ensure compliance.

External platforms are often the most convenient, secure and compliant way to deal with whistleblowing reports. Platforms such as WhistleLog** provides a secure channel for receiving reports and storing personal data from the reports on a server within the EU. 

  • Create a whistleblowing policy (or review your existing one)

The directive requires that you set up clear and easily accessible information about your company’s internal, as well as external, reporting procedures to be made available to anyone eligible to submit a whistleblowing report. Use PocketLaw to remain compliant, provide access and create your new whistleblowing policy today

Pro tips: How to handle reports 

  1. As it is highly likely that the information within whistleblowing reports would be sensitive, it is important to appoint an appropriate person or a unit to handle and investigate the accuracy of such whistleblowing reports. 

  2. Furthermore, you must always provide an acknowledgment of receipt within seven days of receiving a whistleblowing report, and account for measures taken to the whistleblower within three months from the acknowledgement of receipt. 

*Note: the directive does not apply to the UK and this threshold could be lower in certain EU countries depending on the implementation of the directive in each member’s state’s respective national legislation.

**Note: PocketLaw’s customers will be entitled to exclusive discounts on
WhistleLog’s services. To find out more about the available offers, please contact us at

Book a personalized demo

Enterprise ready.

ISO 27001 certified and GDPR compliant. Data encrypted at rest with AES 256 and in transit with TLS 1.2+.

For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, check out our Privacy Policy.