Don’t let the requirements of a directive make implementation more challenging that it needs to be. With this simple guide, you’ll soon have the essentials to get your whistleblowing programme started.

Get started

Start by breaking implementation down into these three manageable steps. If you don’t have any of these in place, read on to learn what’s involved at each step. If you have already completed one or two, great, just move on to what you are missing. 

1. Write your whistleblowing policy

A policy provides guidance on how whistleblowing is handled in an organisation and indicates that you take employees’ reports seriously. There is no one-size-fits-all policy, however, there are some good practice basics to include, which we run through here.


  • Why

Make it clear why a whistleblowing policy exits and what the benefits of having a reporting system are. Show you’re committed to hearing employees concerns by providing an accessible and safe environment to do so. 


  • Who

Reporting misconduct isn’t limited to current employees, so include everyone who falls under your whistleblowing policy. For instance, contractors, partners, suppliers, board members, former employees, job applicants, and so on.


  • What

Use this section to outline what people can report on. Help them understand the difference between reporting a serious concern rather than a personal grievance. Also, be clear that whistleblowers won’t be retaliated against.


  • How

Now provide details on how to report concerns and how the information will be handled. Give employees more confidence by helping them understand what the whistleblowing process looks like and how they will be protected. 

2. Choose how to handle reports

Having a policy is a great start and, if you haven’t already, you now need to decide how to handle reports.

The EU Whistleblowing Directive requires companies to create and manage secure reporting channels that keep the identity of the whistleblower anonymous. 

This means providing a way for people to disclose information safely. For instance in writing via an online platform or physical post, and/or verbally by phone or a messaging system.  

Whichever method(s) you choose, your reporting channel(s) must provide the following:

  • Security
  • Anonymity
  • Accessibility
  • Feedback
  • A designated owner
  • Records of every report
  • Adherence to timeframes
  • GDPR compliance

Online systems, such as Whistlelink are designed to take care of all of the above. With a subscription, you get your own whistleblowing site with everything set-up and ready for you to use right away. 

3. Communicate

Now you have your whistleblowing policy and reporting channel(s) in place to handle reports, the last step is let employees and other stakeholders know about them.

Obvious, right? Actually, this step is often overlooked or done poorly.

Effective and regular communication is the key to building an open and supportive culture.  A speak-up culture is more likely to instill trust and encourage employees to disclose wrongdoing.

Popular ways to communicate:
  • Company intranet
  • Company newsletter or email bulletin
  • Notice boards or video walls
  • Briefings or other internal events
  • Training sessions
  • Employee handbook

If you’d like to know more about communicating your whistleblowing channel or implementation in general, contact us and our team will be happy to answer your questions. 

Liked this article? Spread the word

What to read next...

Sign-up for the Whistlelink newsletter

Get the latest on whistleblowing best practices, the EU Directive and product updates.