European Directive on Complaints Channel
On 21st December, the obligation for all companies with more than 249 workers to have a complaints channel, as required by the European Parliament Directive of 23 October 2019, comes into force. By the end of 2023 it will be mandatory for all private and public companies with at least 50 employees, so most companies are already moving to purchase the best whistleblowing channel software solution.
In the latest post on its blog, the AEPD emphasizes the importance of choosing a solution that respects the basic principles of data protection. Over the next few months, all kinds of solutions will be promoted for implementing your own online reporting channel. You can even find free reporting channels, but who guarantees that they have the security and privacy measures required by law?
How to comply with the law in your whistleblower channel?
The most important thing is to preserve the anonymity and privacy of the complainant. The entire process can be handled internally and confidentially until it is resolved, but measures must be in place to ensure its integrity, which is why free whistleblowing channel software is not at all recommended.
If your company were to suffer a security breach through its whistleblowing channel and personal data were to be leaked, it could be fined up to €600,000.
These are the requirements that every reporting channel must meet:
Guarantee the confidentiality of the identity of the complainant.
Designate a person, internal or external, as the person responsible for the complaints channel.
The person responsible must acknowledge receipt of the complaints filed, no later than 7 days after receipt.
Finally, the complaint must be responded to within a maximum period of 3 months from the issuance of the acknowledgment of receipt.
Access must be external to the corporate network because it is not just a tool for internal staff. Anyone related to the company should be able to report.
It must have the necessary measures to avoid security breaches. The most basic are:
To work over a secure connection protocol.
To be hosted on a private server that guarantees security measures.
We recommend using an EU-based whistleblowing channel software, due to legislative differences that may exist in other countries.
Your online whistleblower channel that complies with the European directive from 150 €/year
With Edorteam you’ll get a totally safe and confidential whistleblowing channel solution.
Why doesn’t a web form serve the same function?
Until now, a whistleblowing channel could be a phone number, email or web form, but these channels do not fully guarantee the privacy of the complainant and have some risks. Let’s see why it is a bad idea:
In order to acknowledge and respond to the complaint, the complainant must provide some contact details (email, phone number or postal address).
This obligation to disclose some contact data, even if only the person responsible for the channel knows it, may act as a deterrent to some people who are thinking about reporting.
The data sent by a web form is received on an email address. This is a data security risk, which could lead to a security breach, especially if the account is managed by more than one person.
Email is one of the most common targets for hackers and a major source of human error. Do not use it as a whistleblowing channel for your company.
E-book: your anonymous whistleblowing channel as required by law
We explain how Edorteam’s whistleblowing channel software works.
Comply with European standards for complaint channels with Edorteam
Our technical and legal professionals will guide you throughout the process and train your team in best practices for using the software. In addition, you will have at your disposal your Edorteam consultant for technical support whenever you need it.
You can count on us to guide you through this process not only because you are required to do so by law, but also to grow your company’s ethical culture.