How to get compliant with the Italian Whistleblowing Law
Facilitating, implementing, and managing whistleblowing channels that receive reports on corruption, fraud and other types of corporate malpractice is important and will ensure a better working environment. However, whistleblowing channels in all organisations also need to be compliant with the GDPR.
The General Data Protection Regulation (GDPR) regulates the protection of individuals with regard to the processing and transfer of personal data. This regulation has a European scope. It is necessary to align the information in the whistleblowing case with the GDPR, as whistleblowing often entails sensitive information. The organisation’s whistleblowing channel has to be a safe place for both the whistleblowers and the data. The regulations apply to all personal data, including that of the whistleblower and the reported party, that is processed within the whistleblowing channel.
The data provided through any whistleblowing channel is usually of a sensitive and confidential nature. Both whistleblowers and entities or individuals that are the subject of a whistleblowing complaint must always be informed about how their data is processed, managed, and stored. It is also mandatory to inform stakeholders about the implementation of the reporting channel as well as how each report is received and managed.
The maximum period for informing data subjects is between one and three months. This is true for both parties, regardless of whether the information comes from an anonymous source or whether the informant’s details have been provided.
Anonymous whistleblowing is sometimes discouraged. In fact, the European Data Protection Supervisor (EDPS) have previously advised against anonymity. The reasoning is that knowing the source of the information helps to protect the whistleblower and facilitates the investigation of the case.
However, anonymous whistleblowing (made possible, for example, through a digital whistleblowing solution) offers an even higher degree of protection for the whistleblower, who may otherwise face retaliation or negative consequences for speaking up. Anonymous reporting allows the whistleblower to remain unidentified, even for the receiver of the report. This can help ensure the integrity of the shared information.
It goes without saying that all information provided in a whistleblower case is confidential. This is regardless of whether its origin is known or whether the source is anonymous.
Are you looking for a safe and secure whistleblowing solution or want to discuss a whistleblowing system for your organisation? Please book a free demo!
Pokud máte nějaké komentáře k tomuto článku nebo se chcete dozvědět více o systému Whistlelink, rádi si vyslechneme váš názor.
Společnost Whistlelink si váží vašeho soukromí. Budeme vás kontaktovat pouze ohledně našich řešení.Z odběru se můžete kdykoli odhlásit. Další informace naleznete v našich Zásadách ochrany osobních údajů.
Tuesday | 11:00 – 11:30
S RADOSTÍ SE S VÁMI SETKÁME
TĚŠÍ NÁS, ŽE VÁS POTKÁVÁME
Vaše soukromí je pro nás důležité. Budeme vás kontaktovat pouze v případě, že se to týká našich řešení.
HAPPY TO MEET YOU!
Whistlelink values your privacy. We will only contact you about our solutions.
You may unsubscribe at any time. For more info, please review our Privacy Policy
