Get useful tips, learn best practices and read the latest newsThe Whistlelink Blog

Choosing a solution for your whistleblowing channel 

Choosing a solution for your whistleblowing channel.

After the EU Whistleblowing Directive came into force on 17 December 2021, organisations in Europe need to implement whistleblowing channels.  

But how do you decide which solution is best for your own organisation? Here are some important things to keep in mind when choosing an external system for your whistleblowing channel.  

What are the requirements of the law?   

The Directive doesn’t set any requirements for the exact design of the organisation’s whistleblowing channel, except that internal solutions must allow for reports in writing and/or orally. If the individual desires, he or she can also request a physical meeting.    

The law also specifies that an organisation must confirm receipt of a report within seven days, and provide feedback to the whistleblower within three months. An organisation must also appoint a responsible person or department of for the channels, and reports must be saved in an appropriate manner. Whistleblowing policies and procedures should also be documented in writing.  

According to the law, the channels must:  

  • Be safe  
  • Guarantee anonymity  
  • Be easily accessible  
  • Follow GDPR guidelines  

Choosing an internal or external solution for your whistleblowing channel  

An organisation can choose to build its own reporting channels and processes. But why tie up resources unnecessarily when they are ready made whistleblowing systems on the market?  

Many organisations choose to use a 3rd party’s external system for its whistleblowing channel. These are SaaS solutions that are built for the purpose and ready to use immediately.  

There is no guarantee that all systems meet the requirements of the EU Whistleblowing Directive or local whistleblowing laws.  

So what should you consider before choosing a system?  

Many of the external systems available on the market may seem functional and compliant, based on what it tells you on its website or in a demo. But, you still need to make sure it does actually help your organisation be compliant. And just as important, is ensuring that the system you choose is both user-friendly and easy to implement and maintain.  

How easy it is to submit a report through your whistleblowing channel? 

Think about what your main goal with the whistleblowing system is. If you want to encourage employees to report wrongdoing, and create a safe environment to do so, you should prioritise a system that offers a range of features, as well as anonymous two-way communication with the whistleblower. It should also be a solution that you can customise for your organisation to make it instantly recognisable to employees.  

Also consider how user-friendly and intuitive the interface is and if the system works on different types of devices, such as PC and mobile. Does the system provider also help you out with user guides and support help? 

GDPR and data security for whistleblowing channels 

Personal data is only secure if the system is secure. Check what measures are taken to protect your organisation against risks. For example, encryption of data, multi-factor verification, access and action control, and protection against external attacks. Also think about it from the whistleblower’s perspective – does the solutions appear safe and credible?  

The EU Directive requires compliance with the GDPR, which covers handling of personal data and data in the whistleblowing channel. Check where your system of choice stores sensitive material and what security measures they take. Following the Schrems II ruling, companies that process personal data of European citizens can no longer use the EU-US Privacy Shield Agreement for the transfer of personal data. By choosing a system that stores date in Europe (EU / EEA area), you avoid that worry.  

Report management  

The systems’ internal processes usually differ when it comes to how to collect and handle reports, or how to forward cases to the assigned person within the organisation. Examine what the case management module looks like in your preferred whistleblowing system. Check if it’s possible to provide limited access to specific roles for individual cases. Some systems may offer greater flexibility and custom-made processes for your organisation.  

External whistleblower service: Technical solutions  

Different systems use various technical solutions for the reporting process and for the software that handles cases. Determine if the system offers features that are important to you, and if it is user-friendly and secure. Consider whether there are built-in features for secure, anonymous two-way communication between the recipient of the report and the whistleblower. 

You can often get a better overall picture of the system by requesting a demo.  

Other Services  

Some solution providers offer other services in addition to the actual whistleblowing system. For example, a provider could offer an external intake management service, or advice on handling individual cases.  

It often makes more economical sense to consider a more comprehensive solution that will be good for the long term. Especially true if your whistleblowing channel is a first step in the development of a more comprehensive risk and compliance management program.  

Choose the right external whistleblowing solutions  

  • As we can see, there is a lot to consider when choosing an external whistleblower system.  
  • The report channels need to be 100% secure 
  • The system must store all data within the EU / EEA  
  • It should be simple and straight forward from someone to access the channel and submit a report 
  • Communication with the whistleblower should allow anonymity 
  • The system should make it easy to forward the case to the right person (s)  

Whistlelink can help you with all of this. Would you like to discuss a whistleblowing system for your organisation?

Get acquainted with our system here and then contact us for further information!

Would you like to learn more about a whistleblowing service and safe internal reporting channels? Read more about the EU Whistleblowing Directive here and at EUR-Lex.

If you have any thoughts about this article or would like to know more about Whistlelink, we’d love to hear from you.

Liked this article?
Spread the word

The EU Whistleblowing Directive explained

Philippa Johnsson,

Try Whistlelink for free

Test our whistleblowing system free for a month

The new whistleblowing law

WHISTLELINK BLOGWhat to read next...​

Internal investigation of alleged corporate misconduct
Partner interview with Alexandra Mota Gomes, Partner at Antas da Cunha, Portugal
Whistleblowing in transport and logistics  


Get in touch

Our team is ready to answer your questions. Find the answer by visiting our support centre, or fill out the form below and we'll be in touch as soon as possible. Or simply give us a call!

Talk with Territory Manager
Annelie Demred

0046 (0)706 83 82 88