Usage of e-mails as a whistleblowing channel: not compliant according to the EU directive

A deep dive into whistleblowing channels: why e-mail is not compliant with the EU Directive 2019/1937

Among the changes introduced by the European Union Whistleblowing Directive, which has now been transposed in the vast majority of Member States, the most important is undoubtedly the obligation for entities and companies to establish “channels for receiving the reports which are designed, established, and operated in a secure manner that ensures that the confidentiality of the identity of the reporting person and any third party mentioned in the report is protected, and prevents access thereto by non-authorized staff members” (Article 9 of Directive (EU) 2019/1937).

Therefore, it is crucial to ensure that your system for handling reports has the necessary requirements for confidentiality, both organizationally and technically.

Whistleblowing systems and email use: Penalties for companies that break the rules

Many companies already handle whistleblowing internally through email boxes or online forms, or even in person or through paper forms, believing that such a system meets all the requirements.

However, these solutions need to be reconsidered in light of the new regulations. Used alone, without compliant software alongside them, they do not meet the strict requirements for the protection of sensitive whistleblower data set out in the EU Directive. In this article, we focus on the critical compliance issues raised by the use of email as a whistleblowing channel. Let’s look at the key points together.

[Image: Statistics on the percentage of employees who are afraid of retaliation]

The original text of the EU Directive suggested that Member States provide a system of criminal, civil, or administrative sanctions to ensure the effectiveness of whistleblower protection rules, and indeed many national transposition laws have done so. However, penalties for GDPR violations have been in place for years, capped at 4 percent of total turnover or 20 million euros.

Legality Whistleblowing vs. E-mail: What is the best solution for whistleblowing in the company?

We have seen that using an e-mail box as a whistleblowing channel unfortunately might not offer the necessary guarantees of confidentiality and trust that such a tool should provide to those who decide to “blow the whistle”.

The Legality Whistleblowing Software is the most secure system for handling whistleblowing in both the public and private sectors:

E-mails


  • Don’t ensure the confidentiality of the whistleblower’s identity and personal information

  • Difficult to manage from an organizational perspective

  • Discourage whistleblowing, undermining the effectiveness of the channel

  • Expose the company to the risk of fines

Legality Whistleblowing


  • Asymmetric encryption and regulatory compliant access

  • Secure servers with ISO/IEC 27001/2017 certified infrastructure

  • Intuitive and user-friendly platform for both managers and whistleblowers

  • Compliant and valid for obtaining ISO 37001, 37002, and 37301 certifications


Implementing a compliant system is easier than you think

With Legality Whistleblowing, you can quickly equip yourself with a fully compliant solution.