Whistleblower Protection Act: New Obligations for Companies and a Milestone for Whistleblower Protection in Germany

On May 12, 2023, the Whistleblower Protection Act (HinSchG) was adopted by the Bundesrat (Federal Council) after an agreement was reached in the mediation committee. This law, based on the EU Whistleblower Directive, aims to improve the protection of whistleblowers in Germany and establish a legal framework for dealing with reports of wrongdoing. The implementation of these new regulations brings additional obligations and information for companies regarding whistleblower protection. In this blog post, we will shed light on the key aspects of the Whistleblower Protection Act and the Whistleblower Directive and explain their significance for startups, companies, and founders. The Whistleblower Protection Act entered into force on July 2, 2023.

What is the Whistleblower Protection Act?

The Whistleblower Protection Act is a national regulation introduced as part of the implementation of the European Whistleblower Directive. It creates clear legal conditions for the protection of whistleblowers who report misconduct, such as corruption, fraud, or violations of data protection regulations, within companies. The directive applies to companies and organizations with more than 50 employees and stipulates that these companies must establish appropriate mechanisms to receive and process reports of violations of various legal and ethical standards.

What are the new obligations under the Whistleblower Protection Act?

With the introduction of the Whistleblower Protection Act, companies are now required to establish internal reporting systems through which whistleblowers can safely report violations. These reporting systems must be easily accessible and ensure the protection of the identity of the individuals involved, such as witnesses or whistleblowers. Companies must also ensure that incoming reports are treated confidentially and thoroughly investigated. It is important to promote a culture of reporting and ensure that whistleblowers do not suffer any disadvantages.

To be prepared for the Whistleblower Protection Act and the Whistleblower Directive, companies and the public sector must consider the following information:

• Companies with 250 or more employees were required to introduce secure whistleblowing systems by mid-June. Companies with 50 to 249 employees had a transition period until December 17, 2023.
• The law also applies to the public sector as well as to cities and municipalities with more than 10,000 inhabitants. These organizations must provide whistleblowing systems from mid-June
• Reports can be submitted orally or in writing, and a personal report is also possible upon request
• The internal reporting office must confirm receipt of the report to the whistleblower within 7 days
• The Whistleblower Protection Act applies to violations of EU and national law, particularly if they involve criminal or administrative offenses that endanger health or life
• Within three months, the reporting office must inform the whistleblower of the measures taken, such as initiating internal investigations or forwarding the report to the appropriate authority
• Companies must protect the identity of whistleblowers while complying with the provisions of the General Data Protection Regulation (GDPR)
• Companies should have information on the supervisory authorities responsible for implementing the Whistleblower Protection Act

The Whistleblowing Directive: An Overview

Originally, the EU Whistleblower Directive was supposed to be transposed into national law by December 17, 2021. However, the first version of the Whistleblower Protection Act was adopted by the Bundestag on December 16, 2022, but the Bundesrat rejected its approval on February 10, 2023. To reach an agreement, the Conciliation Committee was involved.

The EU Whistleblower Directive establishes minimum standards for the protection of whistleblowers in all EU member states and forms the basis for the Whistleblower Protection Act. It defines requirements for reporting systems, the protection of whistleblowers' identities, and the handling of reported information.

The aim of the directive is to promote transparency and integrity in companies. It is intended to enable effective measures against corruption and wrongdoing by providing protection and security to whistleblowers. Companies should see the directive as an opportunity to strengthen their compliance mechanisms and gain the trust of their employees.

Implications for Startups, Companies, and Founders: Preparing for the Whistleblower Protection Act and the Whistleblowing Directive

The Whistleblower Protection Act and the Whistleblowing Directive have implications for companies of all sizes and industries, including startups and founders. It is of great importance for companies to prepare for the new requirements in a timely manner to avoid potential fines and legal disputes. The following are important aspects that startups, companies, and founders should consider to meet the requirements:

1. Establishment of an effective reporting system: Companies must implement a secure reporting system that allows whistleblowers to report violations. This system should be easily accessible and provide clear instructions for reporting misconduct.
2. Protection of whistleblowers: It is crucial for companies to ensure that whistleblowers are protected against disadvantage or retaliation. This requires the implementation of protective measures and raising awareness among employees about the importance of whistleblower protection.
3. Thorough investigation of reports: Every incoming report should be thoroughly and confidentially investigated. Companies need to establish clear procedures on how to handle the reported information and ensure compliance with all relevant legal and regulatory requirements.
4. Clear policies and training: Companies should develop policies for handling reports and inform their employees about them. Training and awareness initiatives are crucial to promote a culture of reporting and strengthen awareness of the importance of integrity and compliance.

The introduction of the Whistleblower Protection Act and the Whistleblowing Directive has significant implications for established companies as well as startups and founders. It is crucial for all companies to understand the new requirements and take appropriate measures to ensure integrity, transparency, and legal compliance in their organizations. By establishing effective reporting systems, protecting whistleblowers, conducting thorough investigations of reports, and implementing clear policies and training, companies can contribute to promoting a culture of reporting and uncovering and addressing potential violations.

The Role of heyData in Compliance with the Whistleblower Protection Act

As a leading provider of data protection solutions and services, heyData has developed an innovative platform to assist companies in addressing their data privacy and compliance requirements. With mattersOut, our whistleblowing software, we offer companies an effective solution for complying with the Whistleblower Protection Act and implementing the EU Whistleblowing Directive.

The Benefits of mattersOut for Companies

mattersOut provides numerous benefits for companies that take whistleblower protection seriously. Here are some of the key advantages:

• Early Detection of Wrongdoings: By establishing an anonymous reporting channel, companies can identify potential wrongdoings at an early stage and respond appropriately. mattersOut enables employees to report incidents securely and without fear of retaliation, helping to uncover and address legal and ethical violations before they escalate into major issues.
• Minimization of Financial Risks: By swiftly detecting fraud or legal cases, companies can minimize financial risks. With mattersOut, companies have the ability to identify potential breaches of data protection regulations or other legal requirements early on and take appropriate actions to avoid legal consequences and financial losses.
• Protection of Corporate Reputation: Safeguarding corporate reputation is of utmost importance. By implementing a whistleblower protection system like mattersOut, companies can ensure that violations and wrongdoings are effectively addressed and resolved. This helps maintain the trust of customers, business partners, and the public in the company, safeguarding its reputation and credibility.
• Strengthening Corporate Culture: A well-functioning whistleblower protection system fosters a corporate culture of openness, transparency, and integrity. By providing employees with the opportunity to report incidents without fearing negative consequences, they feel empowered to take responsibility and contribute to uncovering wrongdoings. This strengthens the corporate culture and creates a positive work environment.
• Efficiency in Case Management: mattersOut optimizes the workflow of designated individuals by providing intuitive and functional tools. These tools support them in various tasks such as obtaining expert opinions, sending acknowledgments of receipt, and answering factual questions. mattersOut offers a user-friendly dashboard that helps designated individuals maintain control and stay on top of their tasks.

How mattersOut Works

mattersOut is easy to implement and user-friendly. Employees have the option to report incidents securely and anonymously, without the need for a login, in just three simple steps. The reported incidents are treated confidentially and handled by a designated individual within the company. mattersOut provides a secure and protected communication channel that ensures the anonymity of whistleblowers.

The new Whistleblower Protection Act allows companies to decide whether they want to establish an anonymous whistleblower protection system or if the disclosure of the identity of reporting individuals is a requirement for submitting a report. mattersOut aligns precisely with this: our platform is flexible to accommodate this decision by companies.

Conclusion

The Whistleblower Protection Act and the Whistleblowing Directive bring new obligations and information for companies. Startups, businesses, and founders should familiarize themselves with the requirements and take measures to ensure the protection of whistleblowers. Establishing an effective reporting system, protecting the identity of whistleblowers, and conducting thorough investigations are crucial steps to strengthen integrity and compliance within companies.

The implementation of these new laws should not be seen as a burden but as an opportunity to improve corporate culture and gain the trust of employees. Companies that act proactively and prioritize data privacy and ethics will be more successful in the long run, earning the trust of their customers and partners.

The new Whistleblower Protection Act and the EU Whistleblowing Directive impose new requirements on companies and organizations. It is important for companies to implement appropriate mechanisms for receiving and processing reports to protect whistleblowers and uncover legal and ethical violations. With mattersOut, heyData provides an effective solution to support companies in meeting these requirements.

mattersOut allows companies to establish a secure and anonymous channel for whistleblowers to report potential wrongdoings. By detecting violations at an early stage, companies can take appropriate measures to address and rectify them, preventing further harm. At the same time, mattersOut protects the identity of whistleblowers, ensuring they do not have to fear retaliation.

It is important to note that heyData has placed great emphasis on data privacy and security in the development of mattersOut. All data collected through the platform is treated confidentially and subject to strict security measures to ensure the protection of personal information. mattersOut complies with the requirements of the GDPR and other relevant data protection laws.

Contact our team at heyData today to learn more about mattersOut and how we can support you in complying with the new regulations.