On August 7, the President of the Polish Data Protection Authority (UODO), together with other members of the Authority and external experts, organized a seminar to support companies in the implementation in their business processes. The main points of discussion are summarized here:
Expanding the definition of a Whistleblower
During the seminar, it was clarified that the identity of a whistleblower is not limited to their first and last name. Identity also includes all data that can indirectly identify the whistleblower, such as their place of work.
Types of reports that can be submitted
Questions have been raised about the form in which reports can be submitted and whether verbal methods of communication such as telephone calls, although controversial, are acceptable. However, it is important that whistleblowers can be sure that their identity will not be compromised, regardless of the type of report.
More clarity on the retention period for personal data
The seminar also looked at clear procedures for data retention, as the Whistleblower Protection Act brings ambiguity in this area. The retention period calculated for each breach report can vary depending on the breach reported, making it difficult for companies to implement consistent processes.
What you can do now
If your company operates in the EU Member States and employs more than 50 people, you are required to set up a secure and confidential whistleblowing channel.
consentmanager ’s whistleblower software offers you comprehensive support in complying with the EU Whistleblower Directive, including:
- Secure and anonymous storage of messages
- Management of incoming messages
- Establishment of secure reporting channels
Click here to visit our dedicated page, and get started.