On December 16, 2019, the EU Directive on the protection of whistleblowers came into force and is to be converted into national law by the EU countries by December 31, 2021. In Germany, this is to be done in the so-called “Whistleblower Protection Act”, which could not be passed in the old legislative period. But it is clear that this will happen soon.
In this regard, smaller companies with 50 to 249 employees have an extended set-up period until December 17, 2023. These companies are allowed to set up a jointly operated reporting office together with other companies in order to save costs.
rexx systems is already ahead of the times and presents the appropriate module
The draft of the Whistleblower Protection Act is already in the drawer and is virtually only waiting to be passed. Since it will inevitably be passed, companies would do well to start setting up a whistleblower system that complies with the guidelines now. The Whistleblower Protection Act stipulates that companies with 50 or more employees or annual sales of EUR 10 million or more must set up a reporting channel for employees, customers and other third parties to report legal violations in their day-to-day work. Companies from the financial sector are hit particularly hard, because regardless of the number of employees, they must introduce internal whistleblower systems.
The system should make it clear to whom the report is addressed, who has access to it, how queries are dealt with and within what period a response should be made. It must be possible to report these violations verbally or in text form. The focus here is on protecting the anonymous whistleblower. Unrestricted access to a whistleblower system, which preserves the identity of the whistleblower and any third parties and prevents unauthorized persons from accessing it, should enable internal clarification in a protected non-public setting.
Companies must involve the works council when introducing a new whistleblower system or modifying existing ones. This draft also stipulates that persons who receive the reports must receive regular training. All reports must be documented and checked for validity. Appropriate follow-up measures are then initiated, such as internal investigations or submission to a competent body.
Own module integrated in the rexx suite
With the whistleblower channel, rexx systems has developed its own module for this function in the rexx Suite. Employees have the option of submitting violations that are subject to penalties or fines, for example, both 100% anonymously and by providing contact information in a request form. All reports and requests are treated strictly confidential and worthy of protection, thus fully compliant with General Data Protection Regulation & the EU Whistleblower Directive. Better than a physical mailbox, more efficient than according to the slogan “My door is always open” and more secure than by phone, email or letter – this is only possible with the Whistleblowing module.
The whistleblower can view the status of the report at any time to check whether action has been taken. A confirmation of receipt must be available seven days after receipt of the report. Likewise, the whistleblower may add additional information to the report at any time, or those authorized to receive it may report back for additional important information that will help resolve the issue. The employer is required to provide feedback on how the report was handled within three months.
Anonymous exchange is guaranteed at all times
To ensure anonymous access to the message at all times, a secure key is generated after the message is posted. The employee is asked to copy this key and confirm it via the checkbox. In this way, the whistleblower can continue to follow up on the existing message without having to disclose his or her user name and password. The user only has to enter the generated key. Communication with the whistleblower is easily controlled via the comment function of the ticket. The whistleblower’s responses also go back to this field as comments and the authorized persons receive a notification.
You might also be interested in this: