How to get compliant with the Whistleblowing Law
In some companies, a whistleblower can report a violation of labour law if the employer provides for this possibility. This ensures that such notifications are handled according to the rules established in whistleblower legislation.
During the legislative work on the Act on the Protection of Whistleblowers (Act of 14 June 2024 on the Protection of Whistleblowers; Journal of Laws of 2024, item 928; hereinafter referred to as the Act), labour law was initially included but subsequently removed from the list of violations that must be reported by whistleblowers. Eventually, the Senate excluded this category, leading the legislator to decide that the Act does not mandate the reportability of misconduct in this area. Consequently, employers are not required to address labour law violations under the Act’s procedures.
However, this does not mean that individuals wishing to report violations in the area of labour law will be left without recourse. Whistleblowers will still have tools to report such violations and can obtain protection against retaliatory actions, such as dismissal, deterioration of employment conditions, harassment, or unequal treatment.
The law, which will take effect for entities employing at least 50 people from 24 September 2024, specifies in Article 3(1) the areas of the law whose violations must be reported to obtain whistleblower status. Notifications of these violations must be compulsorily processed by companies according to the terms of the Act. These terms include, in particular, the obligation to meet deadlines for acknowledging the receipt of such notifications and providing feedback to the whistleblower, ensuring appropriate notification channels, and maintaining high standards of confidentiality for the data covered by the notification.
This is a closed catalogue and includes breaches such as corruption, data protection and privacy, cybersecurity, environmental protection, and public procurement, among others.
However, paragraph 2 of this provision stipulates that a legal entity, in its own internal notification procedure, may also choose to extend this catalogue to include violations relating to its internal regulations or ethical standards, established based on generally applicable law and in compliance with it. What does this mean in practice?
The regulation-based internal regulations cited in Article 3(2) of the Act include, for example, work regulations, remuneration and bonus regulations, collective agreements, company health and safety regulations, anti-mobbing or anti-discrimination procedures, and company codes of ethics. These regulations are primarily anchored in the Labour Code, but they may also be based on service pragmatics or other provisions of generally applicable law.
Importantly, the Act does not limit these internal regulations to the HR area alone. They may also pertain to other areas, such as rules for cooperation with contractors, industry regulations, and internal regulations provided for by sectoral legislation.
To enable the reporting of violations of company regulations under the internal reporting procedure, the following conditions must be met:
It is not necessary to include all internal procedures in a whistleblower protection programme. A legal entity may choose to include only selected ones if deemed reasonable. For instance, a company may decide to include only internal health and safety standards, which can be a reasonable and justifiable solution, particularly in manufacturing companies.
However, this decision must always be consulted with the employer’s trade union organisations or employee representatives as part of the implementation of the procedure in the entity concerned. Although this consultation is not binding on the employer, it is a mandatory part of the implementation of the internal notification procedure.
At this stage, many employers exhibit a certain reluctance to include additional areas in the catalogue of violations that a whistleblower can report. This hesitation is likely due to the introduction of a completely new regulation, which in itself poses a significant logistical challenge for businesses, even assuming the minimum scope of implementation envisaged by the Act.
Many entrepreneurs prefer to dedicate the initial period after introducing a whistleblower protection programme in their organisation to observe how the team receives it. They are particularly interested in the volume and nature of notifications made, especially the extent to which these reports are factual and fall within the catalogue of notifications explicitly provided for by the Act.
However, if an organisation decides to extend the internal reporting procedure to include internal regulations (such as bullying issues), it is wise to harmonise and integrate existing solutions with the newly introduced procedure.
Unifying the modus operandi will undoubtedly provide greater comfort to potential whistleblowers, who will not have to deliberate on the appropriate or more effective mode of reporting for a given breach. This integration will eliminate the need for the notifier to specify under which procedure they want to report the irregularity they have observed. It is crucial to remember that the person making the report does not need to possess specialist knowledge of the branch of law to which their intervention relates. It is the responsibility of the person or team receiving reports to identify and verify them in terms of form and substance.
When deciding to expand the catalogue of violations in the internal notification procedure to include company regulations, it is crucial to emphasise that such violations can only be effectively reported at the company level. Article 3(2) of the Act clearly indicates that if the catalogue of violations is expanded, the provisions regulating external notifications (addressed to public authorities, typically the Ombudsman) and public disclosure do not apply to these internal violations.
This is primarily because the most effective response to these types of violations is likely to occur within the affected organisation itself. Additionally, these regulations often pertain to matters of such an internal and entity-specific nature that corrective action by an external body would be impractical or impossible.
This article is a guest post from Ślązak, Zapiór and Partners Law Firm in Poland. Please visit their website to learn more about their services!
Follow the Whistlelink blog to stay updated about the latest news and corporate best practices!
Would you like to learn more about a whistleblowing service and safe internal reporting channels? Explore Whistlelink’s all-in-one solution here or book a free demo with our team of whistleblowing experts.
If you have any thoughts about this article or would like to know more about Whistlelink, we’d love to hear from you.
Whistlelink values your privacy. We will only contact you about our solutions.
You may unsubscribe at any time. For more info, please review our Privacy Policy
Nice to meet you!
HAPPY TO MEET YOU!
Whistlelink values your privacy. We will only contact you about our solutions.
You may unsubscribe at any time. For more info, please review our Privacy Policy
HAPPY TO MEET YOU!
Whistlelink values your privacy. We will only contact you about our solutions.
You may unsubscribe at any time. For more info, please review our Privacy Policy