Skip to content

The Importance of Confidential Whistleblowing Reporting

Case study whistleblowing system

A hospital in an EU country enlisted an IT firm to provide a whistleblowing reporting system. The solution was aimed at allowing staff members to make reports of misconduct and other concerning practices so that an investigation team at the hospital could then follow up in a confidential manner.  

However, the IT firm’s programme was not compliant with the General Data Protection Regulation (GDPR) and would not have complied with the confidentiality requirements of the EU Whistleblowing Directive. The latter was also a requirement because, at the time when the supervisor fined both parties for their role in the incident, the directive was already transposed into this country’s national law.  

Background

Whistleblowers are essential for uncovering wrongdoing within businesses and organisations. Those on the ground who witness illegal or dangerous activity can alert leadership to such incidents before they spread and become embedded. This can reduce the chances of compliance sanctions, reputational damage and, especially in the case of a hospital, illness or even death.  

The hospital partnered with the IT firm to develop an internal reporting system. The goal was to allow employees and other stakeholders to report wrongdoing, sparking an investigation that could establish the facts and decide on a course of action to rectify any issues.   

However, the software that the IT firm installed contravened GDPR. It logged users that accessed the software by recording their activity and storing it in firewall logs. 

This meant that anyone with access to the logs could identify its users, including whistleblowers. At no point did either party inform users about this aspect of the processing of their data.  

At the time that this came to light, it meant that both parties faced sanctions for non-compliance with GDPR. But the additional impact could be that anyone reporting misconduct could have their details exposed to the perpetrators of the alleged crimes, leaving them vulnerable to retaliation.  

Both parties received fines of €40,000.  

What happened next?

It's crucial for your reporting system to protect whistleblower data. This is important both for following GDPR rules and for giving reporting persons the confidence they need to report misconduct without fear of reprisal.

Only authorised personnel should have access to a whistleblower’s report through your internal reporting system. In addition, where the company’s rules and the country’s national law allow, reporting persons can remain anonymous so no other party knows their identity.

In many cases, this is necessary to encourage whistleblowers to come forward with their reports and evidence.

the-importance-of-confidential-whistleblowing-reporting

How IntegrityLog helps

IntegrityLog takes whistleblowers' data privacy seriously. Our online reporting system is GDPR-compliant and secure so that only those who need to know the identity of the whistleblower have access to that information. In addition, there is the option to enable anonymous reporting.  

Using a trusted system like IntegrityLog ensures your employees can be confident they can make reports in a private manner and helps compliance teams maintain their adherence to the strict EU privacy laws.  

Request a demo or request a 14-day free trial to find out how to create a compliant whistleblower reporting system for your organisation. 

References and further reading

Subscribe to our newsletter

Stay up to date with the latest news and products

Subscribe
newsletter-subscription-image

Sign up for our newsletter

Stay up to date with the latest news and products

You have successfully subscribed!

This is your official confirmation. Thank you for joining ComplyLog Newsletter. While you wait for the next issue of ComplyLog, check out the latest articles and references.

Related articles

Post Picture

The Whistleblower Fired Three Times for Exposing Criminal Activity

A security officer for a publicly owned transportation company in a European country had three dismissals overturned by a judge after an employment...
Read More
Post Picture

When Whistleblowers Take Part of the Blame

A European medical research establishment recently found a disgraced surgeon guilty of scientific misconduct. However, in this real but anonymised...
Read More
Post Picture

When Public Disclosure Wipes Billions From a Company’s Value

A European retailer lost nearly €2 billion from its value in three months following a journalistic investigation into its poor working conditions,...
Read More
Post Picture

The Whistleblower Jailed for Revealing the Misuse of Public Money

In the mid-2010s, an official at a trade union in a European country became suspicious about the misuse of funds that had been designated to support...
Read More
All articles