YOUR
Search

    22.02.2021

    Whistleblower Protection Act: New Whistleblowing Duties Affect Medium-Sized Companies


    • New Act stipulates new duties for all companies with more than 50 employees, including freelancers.
    • From December 2021 at the latest, affected companies are to set up their own whistleblowing system for employees, customers, suppliers and other third parties so that they may anonymously report (alleged) irregularities in the company.
    • Whistleblowers are allowed to inform the authorities or the public directly if the company does not offer its own anonymous whistleblowing system.
    • Affected companies must therefore offer their own whistleblowing system in order to comply with their new legal duties and to prevent whistleblowers from contacting authorities or the public.
    • New liability risks for management in case of passivity.
    • The national Act implementing EU law has been published and does not provide for any relief for companies.

     

    What is the EU Whistleblowing Directive?

     

    The Directive determines new compliance duties. Specifically, companies must create opportunities for employees and third parties to anonymously report alleged and actual irregularities (= internal whistleblower system). The idea is that the company's management will thereby become aware of (alleged) irregularities and be able to react. The national legislation must to transpose the Directive. The corresponding draft bill is now available and can be downloaded here (in German): Link.

     

    Who is affected?

     

    The EU Whistleblowing Directive applies to all companies with 50 employees or more and to companies with a turnover of EUR 10m per year or more. Companies in the financial services sector must establish internal whistleblowing systems regardless of the number of employees.

     

    Furthermore, the EU Whistleblowing Directive now provides extensive protection for employees. They can report irregularities both to their own company as well as to external bodies (authorities) without having to fear labour law sanctions. This is especially true if there is no internal whistleblowing system.

     

    Which violations may employees report?

     

    Employees, customers, suppliers and other third parties may ‑ as of today ‑ report violations of EU law (e.g. data protection law), violations of national law (e.g. working time violations) as well as violations of internal policies to the internal or external whistleblowing system.

     

    What do affected companies have to be prepared for?

     

    The legislator has the explicit goal that especially medium-sized companies deal more actively with the topic of compliance and take first measures. In order to enforce these goals and increase the pressure, authorities must now provide their own, so-called external whistleblowing systems.  In this way, authorities are to become aware of wrongdoings within companies. Employees are also allowed to report grievances directly to the public if companies or authorities do not follow up on their tips. All in all, companies must prepare themselves for the wind blowing a little harder from the legislator which will focus in particular on grievances and breaches of rules within the private sector.

     

    Are there new liability risks?

     

    Yes, there are. Compliance violations often lead to personal liability of those involved. Compliance violations may also lead to personal liability of (uninvolved) directors, unless they have taken precautionary measures, such as establishing an internal whistleblowing system. The breach of the new obligation to establish such an internal whistleblowing system further increases the liability risks.

     

    How must reports be handled under data protection law?

     

    The Whistleblowing Directive stipulates that data processing may not violate the General Data Protection Regulation. This does not make it any easier to establish whistleblowing systems in practice. After all, the Whistleblowing Directive protects the individual whistleblower, while the GDPR protects the accused in addition to the whistleblower. This may lead to conflicts.

     

    Do affected companies have to act now and prepare the whistleblowing system?

     

    Companies should apply the necessary judgment. Specifically, it is good advice to talk to an expert about the initial situation in one's own company and to establish one's own internal whistleblowing system with extra time before the new regulations come into force on 17 December 2021, i.e. in the 2nd or 3rd quarter of 2021. Here, the commissioning of an external compliance trust agency which can provide such a whistleblowing system as an external service provider (at low cost), is an option. Then the management would be exempt from liability while the company fulfils the new obligations.

     

    Dr Maximilian Degenhart

     

    ADVANT Beiten Advises Shareholder of 'Flam…
    Frankfurt, 9 September 2024 – The international law firm ADVANT Beiten has rende…
    Read more
    German Federal Court of Justice (BGH) conf…
    A vote cast contrary to a voting commitment is valid, even if all shareholders e…
    Read more
    All gone: retroactive withdrawal of the ma…
    The retroactive and complete withdrawal of a non-competition compensation in the…
    Read more
    General meeting: ban on bringing devices s…
    Shareholders may not generally be prohibited from merely carrying mobile phones …
    Read more
    ADVANT Beiten Advises the Herder Publishin…
    Freiburg, 6 August 2024 – The international law firm ADVANT Beiten has advised H…
    Read more
    ADVANT Beiten Advises Shareholders of Fisc…
    Freiburg, 5 August 2024 – The international law firm ADVANT Beiten has advised t…
    Read more
    The fight against corruption: introducing …
    1. Introduction Since 18 June 2024, the "inadmissible representation of interes…
    Read more
    ADVANT Beiten and ADVANT Nctm Advise BKW o…
    Freiburg, 17 July 2024 – The international law firm ADVANT Beiten has − together…
    Read more
    ADVANT Beiten Advises Dusseldorf-Based MedTech Company CUREosity Again on Financing Round
    Dusseldorf, 2 July 2024 – The international commercial law firm ADVANT Beiten has advised CUREosity GmbH, Dusseldorf, on a growth financing round which brought the medtech company a total of approximately …
    Read more