Protection of whistleblowers implementation
When implementing a whistleblowing system in an organisation, ensure consistency with your existing documentation.
Carry out a thorough analysis of your needs with us. The analysis takes into account the specific nature of the organisation: the subject matter of the organisation's activities; whether there have been reports from whistleblowers or similar cases in the past (despite the absence of an official reporting channel); whether administrative penalties have already been imposed on the organisation (which may indicate that it has failed to comply with the GDPR); whether the protection of whistleblowers is of particular importance to the organisation; who the organisation is able to delegate to handle such notifications; and the need to create an anonymous reporting channel. If necessary, we will audit existing whistleblowing solutions and recommend any required changes.
The result of the analysis of the organisation's needs is a dedicated procedure for handling whistleblowing reports. It includes, inter alia, detailed regulations on internal reporting channels, the categories of reported violations, how a report is dealt with (who can accept it, the procedure for acceptance, communication with the whistleblower, time limits for taking action), follow-up actions in the case of a legitimate report and, additionally, information on the possibility of external reporting and public disclosure.
In the process of reporting infringements by whistleblowers, we place emphasis on protecting both their personal data and the personal data of the persons concerned (potential offenders).
We shall establish the necessary information clauses and the rules for complying with the obligation to provide information. Where necessary, the reporting procedure may include references to the organisation's existing personal data protection documentation to ensure consistency.
The processing of the data of whistleblowers and data subjects involves a high risk and it is therefore appropriate to prepare a data protection impact assessment (DPIA) as required by the GDPR.
For the procedures to work in practice, the new principles must be communicated effectively to everyone involved in the implementation.
Training for potential whistleblowers
Training should cover the breaches they may report, the protective measures they benefit from, the consequences they may face in the event of a false statement, and the feedback on the reported case to which they are entitled.
Training for the Reporting Team
The training will cover the rules for dealing with statutory notifications, the rules for informing whistleblowers and the follow-up actions taken when infringement reports are recognised as legitimate.
Marcin Wieczorek

From 13 to 17 March I attended the "Course for Information Security Administrators" organized by ODO 24 sp. z o.o. I am very impressed with the high substantive level of the training staff and the comprehensive program. Working as an ABI requires knowledge not only of legal provisions but also of IT matters, which ODO 24 took into account. Noteworthy is the curriculum, which gradually introduces increasingly advanced nuances of personal data protection, starting from the legal basics and ending with practical aspects of auditing and working with documents within a company. The complete set of materials, editable documents and publications I received will facilitate my daily work as an ABI. I can certainly recommend ODO 24 as a reliable partner offering training services of a high standard.
Magdalena Węglewska

For many years we have consistently placed great importance on the protection of the personal data of our customers as well as our employees. We took an active part in creating the "Code of Good Practice for the Protection of Personal Data of Customers and Potential Customers," developed jointly by GIODO and the Polish Automotive Industry Association. Due to the complexity and variability of the rules on personal data protection, as well as Mazda’s dynamic development in Poland and the increasing volume of data we process, we decided to entrust the ABI function to a company specialized in this field. The decision to use the services of ODO 24 was primarily influenced by the experience and competence of the team of experts, the comprehensiveness of the offering and its flexibility in adapting to our organization. After a year of cooperation we can recommend ODO 24 as a professional and reliable partner.
Agnieszka Karłowicz

We have been working with ODO24 for over a year. For us it has been a year of peaceful breathing and a sense of security: at least regarding personal data protection :-) The people at ODO are professionals who explain matters that are incomprehensible to the average person in an understandable way. They understand not only their profession but, which is very important to us, business and its requirements. A practical approach, constant advisory availability, and great relationships — all of this means I can recommend this Company to anyone who wants to work and sleep peacefully.
Tomasz Siwicki

For several years we have been cooperating with ODO 24 in the field of personal data protection. A professional team that efficiently helped us to comply with the requirements of the GDPR. We make use not only of the experts’ knowledge but also of professionally prepared e‑training, thanks to which we were able to train several hundred employees in a very short time. I highly recommend ODO 24 as a professional partner delivering services at the highest level.
A whistleblower protection system is a set of procedures enabling employees and collaborators to safely report suspicions of legal violations or unethical behaviour within the organisation. It is required to promote transparency and accountability, and also to protect organisations against the negative consequences of irregularities.
The main benefits are increased employee trust, improvement of organisational culture, early detection and prevention of breaches, protection against reputational and financial losses, as well as ensuring compliance with legal requirements.
In the European Union the protection of whistleblowers is regulated by EU Directive 2019/1937. In Poland, the provisions concerning the protection of whistleblowers have been aligned with the requirements of that directive and are set out in the Act of 14 June 2024 on the protection of whistleblowers.
The Act on the protection of whistleblowers states that the obligation to implement an internal reporting procedure applies to entities for which, as at 1 January or 1 July of a given year, at least 50 persons perform paid work.
You should develop or adapt internal procedures, choose appropriate reporting tools and channels, update personal data protection documentation (to include the new data processing procedure), train employees and the team handling reports, and ensure anonymity and protection for reporters. Additionally, depending on the chosen reporting channels, it may be necessary to carry out a data protection impact assessment (DPIA).
The implementation time may vary depending on the size and specific nature of the organisation, but it usually takes several weeks.
Adapting the system requires understanding the organisation’s unique needs and risks, and then tailoring procedures, tools and training to those specifics. It is worth consulting experts in the field of whistleblower protection and personal data protection.
Choosing the best application for whistleblowers depends on many factors, such as the specific requirements of your organisation and the key features that are most important to you. To make this task easier, we tested the applications available on the Polish market and published the results in the ranking of applications for whistleblowers. This information will help you make an informed decision and choose the best application for your organisation.
The absence of a system may lead to undetected breaches, which can result in serious legal, financial and reputational consequences for the organisation. Additionally, the Act on the Protection of Whistleblowers provides for a fine for an entity that, despite a statutory obligation to implement internal reporting procedures, fails to fulfil that obligation.
Yes, training employees is key to the effectiveness of the system. Training should cover reporting procedures, protection of whistleblowers, and awareness of the legal and ethical consequences of breaches. We recommend our simple and proven solution: e-learning course: Whistleblower Protection.
Our company offers ongoing substantive support, legal consultations and additional training for new employees or in the event of changes to procedures. Details can be found in the offer.
Write or call, we will find a solution


