RegSol Blog

Whistleblowing Directive adopted by the EU Council

December 2019

In the wake of the Cambridge Analytica scandal, the former Facebook employee, Christopher Wylie’s disclosures triggered investigations which raised privacy concerns on the unauthorised possession of personal data of millions of Facebook users for targeting digital advertising campaigns. 

Howard Wilkinson, Danske Bank’s former head of trading used the Bank’s internal whistleblowing procedures to report on millions in laundered money being used by a dormant account run by Putin’s cousin. His whistleblowing report made in 2012 was ignored. The Danske Bank money laundering scandal is now the largest in history.

It is within this context that on the 7 October 2019, the EU Council approved the wording of the "Directive of the European Parliament and of the Council on the protection of persons who report breaches of Union law", also known as the Whistleblowing Directive. Member States have two years to implement the Directive into national law.
Whistleblowing allows a person to report or disclose information on breaches identified during the course of their employment. 

This disclosure is protected where it is done in good faith under the Protected Disclosures Act, 2014 and under the Central Bank (Supervision and Enforcement) Act, 2013. The Workplace Relations Commission and/or the courts will determine whether or not a disclosure is a protected disclosure under the legislation. However, it should be noted that the 2014 Act provides that, in such proceedings, all disclosures are presumed to be protected disclosures unless otherwise proven.

The new directive broadens a whistleblower to include the public and private sector and includes former employees or job applicants, self-employed and company shareholders, volunteers and unpaid trainees. The list of potential breaches includes GDPR, consumer protection, environmental protection, money laundering, public and product safety. 

Member states can choose to extend the list of breaches if they so wish
Businesses with at least 50 employees must look to put in place internal and external procedures for reporting breaches and taking remedial actions all whilst guaranteeing the whistleblower’s anonymity and protection against retaliation. 

They must acknowledge receipt of the report within 7 days and provide feedback within 3 months. 
If you would like more information on implementing Whistleblowing Policies and Procedures, contact RegSol for assistance or training on Ethics and other Compliance related matters. 

By Judy de Castro - Regulatory Consultant