NorthWhistle’s essential six

by: NorthWhistle

The fundamentals for great company culture, happy employees, and compliance with the EU whistleblower protection directive.

Having a good, reliable whistleblower policy is crucial for any organization that wants to encourage a healthy and transparent atmosphere and stay compliant with the EU Whistleblower Protection Directive (2019/1937). The directive requires all companies with 250 or more employees operating in a member state of the EU to implement a whistleblowing policy by December 17, 2021, and with 50 or more employees by 2023. 

Here are NorthWhistle’s essential 6 to make your organization compliant with the directive and ensure an efficient and straightforward process.

  1. Ensure that the selected whistleblowing service’s system can manage reports and ongoing communication that is 100% confidential between the whistleblower and the manager for continuous investigation.

    • The system needs to encrypt phone numbers and scramble voices to file reports using both text and voice.

    • Ensure that it’s possible to share photos, videos, other files, and that meta-data is deleted from all types of media files.
    • Note: Your local mailbox and phone line are not anonymous channels. Systems requiring login credentials can be backtraced to a person and can therefore not guarantee anonymity.

  1. Assign at least one manager to shoulder the responsibility of handling incoming reports of misconduct within your organization. It’s preferred to assign either the HR Director, legal advisor, or the compliance officer to this role.

    • For larger organizations, you should assign multiple managers. Ensure that your system has security features that make it possible to share specific reports with dedicated managers. Corporate groups exceeding 250 employees need dedicated channels for each individual company.
    • Managers should be able to assign other managers or other relevant people to look at a report.
    • Ensure that the system has flexible features, such as configuring report categories and organizational structures.
    • A safe notification feature is required to allow managers to keep track of new reports, updates, and relevant deadlines required by law. The law requires you to send an acknowledgment of receipt within 7 days after receiving notice send feedback to the whistleblower within 3 months.

  1. To further simplify handling and ongoing work with incoming reports, here are some key features that will make your process smooth and efficient.

    • For multilingual organizations, ensure that your service has an integrated translator.
    • The possibility to invite and lend a hand from legal advisors or other competencies that can contribute with solutions and counteractions.
    • The option to categorize reports into different sections of the organization.
    • Make it possible to track filed complaints and ongoing subjects.

  1. The directive requires you to provide all personnel with information about accessing the system, reporting issues, and who the whistleblowers should turn to if they don’t feel heard. Ensure that you educate your employees about whistleblowers’ safety under the protection that the EU Whistleblower Directive regulates.Ensure that the information reaches everybody related to your business, direct or indirect, such as workers, shareholders, administration, management, or supervisors, including non-executive members, volunteers, and trainees – paid or unpaid. Self-employed staff, such as consultants and freelancers, and anyone working for or with your contractors, subcontractors, and suppliers must receive the information.Additionally, you can:

    • Post a link on the intranet.
    • Add a link to your company’s website.
    • Put up QR-codes with brief instructions on how to scan and file reports in office spaces so that each person can report without others seeing it. For remote workplaces, you need to ensure that remote employees have instructions on how to file reports.
    • Ensure that the system is easily accessible by phone since many co-workers don’t have daily access to a computer.

  1. Make sure you service is compliant with GDPR and that your GDPR documents are updated.

    • Ensure that your service is GDPR safe by design and that no data is sent outside the EU.
    • If you decide to involve a third party, ensure that the system assigns the primary point of contact to internal parties before applying a third party.
    • Make sure your translation service is automated.
    • Market-leading services should store detailed audit logs of each report.
    • Ensure that the service can delete all traces of personal data after finalizing a report.

  1. Ensure that you integrate your whistleblowing policy into your Code of Conduct, Code of Ethics, or Environmental and Social Governance (ESG) strategy. Also update your GDPR documents.

NorthWhistle is offering the most valuable whistleblowing service on the market and the only system capable of recording and distorting voices for 100% anonymous recordings.

  • Confidentiality – The whistleblowers have 100% anonymity and protection from retaliation and victimization.
  • Customization – Allowing you to tailor the service after your preferences.
  • Compliance – Complying with GDPR and the EU Whistleblower Directive.
  • Conversational – User-friendly interface with live chat where both the responsible manager(s) and the whistleblower can discuss and follow the report.
  • Control – Notifications from new reports and updates for ongoing subjects, sent in real-time by email to the manager(s) that handles the concern.

You can read more about the powerful user interface and features of NorthWhistle here or schedule a call with one of our experts below.