EU Whistleblowing
Directive

Protect whistleblowers and company’s reputation with Ethicontrol's online platform
Map of European Union
A hand of a whistleblower holding a loudspeaker

Must-do's

Responsibility

Companies must determine the “most suitable” person to receive and follow up on reports internally.
This could be a:
- Compliance officer;
- Head of HR;
- Legal counsel;
- Chief Financial Officer (CFO);
- Executive board member or management;
- Companies can also outsource the processing of reports.

Trackability

Whistleblowers should have the ability to check the status of their reports.
The reporting person needs to be informed of the receipt of the report within 7 days and provided feedback no later than in 3 months.
There is no defined time limit within which the follow-up actions need to be completed.

Multichannel

A reporter should be able to submit reports:
- In writing via an online system;
- A mailbox or by post;
- Orally via a telephone hotline or answering machine system.
Companies are also obliged to offer a personal meeting should the whistleblower request it.

Confidentiality and data safety

Companies must ensure that the identity of the whistleblower is kept confidential regardless of which reporting channel is used.
The hotline should follow the principles of General Data Protection Regulation (or GDPR).
All the involved should be guaranteed protection from data leak: reporting person, concerned person and third people mentioned in the report. Only authorized persons can have access to gathered information.
days to acknowledge the receipt of the report and inform the whistleblower
7
months timeframe for an investigation and informing a reporting person about the outcome
3
months timeframe extension is possible where necessary due to the specific circumstances
6

15 key introductions

Obligation to have a whistleblowing channel for EU organizations and its subsidiaries (anywhere) of any ownership type regardless of industry with a headcount over 250 since 31/12/2021, and over 50 since 17/12/2023
Obligation to provide a choice to whistleblowers between internal and external channels.
The channels can be organized by a third party.
The internal channel should be available for to the company’s workers and may expand to other people
The reporting channels should be “friendly” and support continuous communication. Optional for anonymous whistleblowers.
Most of the breaches of public interest to be covered as channels topics
Obligation to acknowledge receipt, report on progress, receive/give feedback
The legal protection of whistleblowers should not depend on motives, employment, legal status, nationality or other factors.
Right of whistleblowers to be wrong (shifted burden of proof)
Protection of whistleblowers in case of public disclosure
The response staff should be professionally trained
Roles should be clearly defined. Each report should have a single responsible person
Records should be safeguarded and stored
Rights of alleged wrongdoers to be informed and heard
Relief from NDAs and criminal offenses for secret disclosure if the information is legally obtained
Protection from retaliation — both for the whistleblower and related persons
Obligation to have a whistleblowing channel for EU organizations and its subsidiaries (anywhere) of any ownership type regardless of industry with a headcount over 250 since 31/12/2021, and over 50 since 17/12/2023
Obligation to provide a choice to whistleblowers between internal and external channels.
The channels can be organized by a third party.
The internal channel should be available for to the company’s workers and may expand to other people
The reporting channels should be “friendly” and support continuous communication. Optional for anonymous whistleblowers.
Most of the breaches of public interest to be covered as channels topics
Obligation to acknowledge receipt, report on progress, receive/give feedback
The legal protection of whistleblowers should not depend on motives, employment, legal status, nationality or other factors.
Right of whistleblowers to be wrong (shifted burden of proof)
Protection of whistleblowers in case of public disclosure
The response staff should be professionally trained
Roles should be clearly defined. Each report should have a single responsible person
Records should be safeguarded and stored
Rights of alleged wrongdoers to be informed and heard
Relief from NDAs and criminal offenses for secret disclosure if the information is legally obtained
Protection from retaliation — both for the whistleblower and related persons

Start from 89 EUR per month

Our online platform is 100% compliant with the Directive and goes much beyond it
Unlimited
Reports, users, employees, cases
60+ 
Intake languages and features of machine or manual translations
10+ 
Dedicated intake channels
72 hrs
To go live with the default settings
Turnkey solution
Our experience and our numerous client's expertise are embedded into the platform with ready made business process
Framework friendly
Compliant with other laws and frameworks: FCPA, UKBA, SAPIN II, PIDA, ISO 37001, ISO 37002, ESG
GDPR aware
At policy, entity and platform level. Our Privacy Information Management System is certified under ISO 27701
Secure
Data stored within EU in certified data centers.
We are certified under ISO 27001

Comply in three steps

Choose your plan
Select the features suitable for your company’s needs
1
Test and adjust
Customize the platform and get to know the features
2
Promote and use
Spread awareness among your employees and start resolving the cases
3

Our latest thinking

EU Whistleblowing Directive Cheatsheet
Please leave your request with this form.
We will review it manually and share the document within couple of days.
We promise not to spam you. We also care about confidentiality and personal data protection. Check our Privacy Policy
By submitting this form you confirm that you have read our Privacy Policy and would like to receive emails from Ethicontrol.
We will get in touch with you!
Painless ethics management and compliance is a click away from you.
Approximate employees count
0
50000
Confirm your interest
We promise not to spam you. We also care about confidentiality and personal data protection.