The Whistleblower Protection Act imposes new obligations on employers. Learn about reporting procedures, legal requirements for whistleblower protection, and penalties for violations in 2026.
Introduction: What is a Whistleblower and Why Does It Matter?
Since 2024, employers must deal with new regulations concerning whistleblower protection. A whistleblower is an employee or person cooperating with a company who discloses information about violations of law. Employer obligations towards whistleblowers are significant and apply to practically every company employing at least 50 people.
In this article, we explain what it means to be a whistleblower, what obligations employers have, what procedures must be implemented, and what the consequences of non-compliance are.
Who is a Whistleblower? Definition and Scope
A whistleblower is a natural person who discloses or reports information about a violation of law obtained in a work-related context. The law defines this very broadly, including:
- Employees hired on employment contracts
- Workers (contract workers)
- Interns and trainees
- Volunteers in public organizations
- People outside the company (suppliers, business partners) who obtained information in connection with work
- Job candidates who disclose violations
The key point is that a whistleblower does not have to be an employee. An outside person who obtained information during cooperation with a company may also be protected as a whistleblower.
Which Companies Must Comply with Whistleblower Protection Law?
The Whistleblower Protection Act does not apply to all enterprises. Obligations resulting from the regulations apply to:
This means that:
| Company Size | Legal Obligations |
|---|---|
| Below 50 people | The law does not apply (but employees have other rights) |
| From 50 people | Full obligations of internal reporting procedure |
| Public sector organizations | Always applies regardless of number of people |
If a company employs fewer than 50 people, it does not have to implement a formal internal procedure, but the employee still has the right to report to external bodies (e.g., Ombudsman).
Main Employer Obligations Towards Whistleblowers
Employers must meet several key obligations to comply with the Whistleblower Protection Act.
1. Implementation of Internal Reporting Procedure
Each company with more than 50 employees must establish a procedure allowing employees to report violations internally. The procedure should include:
- Clear indication of where and how to report violations
- Specification of response time (maximum 3 months)
- Possibility of anonymous reporting
- Description of follow-up actions
2. Ensuring Confidentiality and Anonymity
Employers must protect the whistleblower's identity. This means:
- Access to whistleblower data is limited to authorized persons only
- Data cannot be disclosed without the whistleblower's consent
- The whistleblower has the right to report anonymously
- The employer must document all steps taken to maintain confidentiality
3. Protection Against Retaliatory Actions
This is the most important obligation. Employers must protect whistleblowers from retaliation. The prohibition includes:
Examples of Retaliatory Actions (Prohibited):
Key point: If an employer punishes a whistleblower in any way for making a report, the law is violated. The whistleblower has the right to sue for compensation.
4. Appointment of Responsible Person
The company should designate a specific person or department (e.g., HR, Compliance) responsible for:
- Receiving reports from whistleblowers
- Maintaining confidentiality
- Coordinating internal investigation
- Informing whistleblower of results (within protection)
5. Documentation and Registration of Reports
Employers must maintain a record of all reports, containing:
- Date of report
- Description of violation (without revealing identity)
- Actions taken
- Investigation result
- Method of notifying whistleblower
Three Reporting Channels for Law Violations
The Whistleblower Protection Act provides three ways to disclose law violations.
Channel 1: Internal Report
The whistleblower reports the violation directly to the employer through the implemented internal procedure. This is the preferred path if the employee trusts the compliance or HR department.
Channel 2: External Report
The whistleblower may report the violation to the Ombudsman, public bodies or EU institutions if:
- The internal procedure does not work or fails
- A threat to public safety exists
- The whistleblower fears retaliatory actions
Channel 3: Public Disclosure
The whistleblower may publicly disclose the violation (media, internet) if:
- Internal procedures have been exhausted without result
- An urgent need to protect the public interest exists
- The whistleblower's protection has been violated
Consequences of Violating Whistleblower Protection
Employers who do not comply with the law face penalties.
Administrative Sanctions
| Violation | Penalty for Entity | Penalty for Managers |
|---|---|---|
| Lack of procedure or insufficient protection | Up to 45,000 PLN | Up to 22,500 PLN |
| Retaliatory action towards whistleblower | Up to 45,000 PLN | Up to 22,500 PLN |
| Disclosure of whistleblower identity | Up to 45,000 PLN | Up to 22,500 PLN |
The county administrator imposes the penalty at the request of interested persons (whistleblower, Ombudsman). The employer has the right to appeal within 14 days.
Civil Liability
If an employer takes retaliatory action, the whistleblower may seek:
- Compensation for lost earnings
- Compensation for lost career opportunities
- Damages for violation of personal rights
- Reinstatement to previous position
Practical Implementation of Whistleblower Protection in Companies
If you employ at least 50 people, here are the steps to implement whistleblower protection.
Step 1: Develop Internal Procedure
The document should contain:
- Definition of whistleblower and violation
- Reporting channels (email, mailbox, responsible person)
- Guarantee of anonymity
- Time frame for investigation (maximum 3 months)
- Ban on retaliatory actions
Step 2: Appoint Responsible Employee
The responsible person should know the regulations and have access to data. Possible delegations:
- HR Manager
- Compliance Officer
- Business Ethics Specialist
- Directly to Management (in small companies)
Step 3: Inform Employees
All employed persons must know about the procedure. This means:
- Providing the procedure to every employee
- Training management teams
- Information posters in the office
- Information in the work regulations
Step 4: Document All Reports
Keep a record of reports containing (without revealing identity):
- Date and channel of report
- Description of violation (encrypted or coded)
- Actions taken
- Investigation result
- Communication with whistleblower
FAQ: Most Common Questions
Does a whistleblower have the right to identity confidentiality?
Yes, the employer must protect the whistleblower's identity unless the whistleblower decides otherwise. Revealing identity without consent is a violation and subject to penalty.
What if a whistleblower publicly discloses a violation in the media?
If the internal procedure fails or the whistleblower fears retaliation, public disclosure is protected by law. The employer cannot prohibit this or punish anyone for it.
Must small companies (below 50 people) have a procedure?
They do not have to have a formal internal procedure, but employees can still report violations to public bodies (Ombudsman). Lack of protection is a violation.
Can a whistleblower be dismissed "for other reasons"?
If dismissal occurs shortly after reporting, it may be considered retaliatory action. The burden of proof lies with the employer to show the reason was not retaliation.
What to do if a whistleblower is harassed or isolated?
This is retaliatory action. The whistleblower has the right to sue for compensation, and the employer will be penalized administratively. The employee should immediately report the incident to the responsible person or the Ombudsman.
Katarzyna Zielińska
Age: 34 years old
Education: Master's degree in Law, specializing in labor law, HR compliance courses
Experience: 10 years in labor law and employment matters for corporations and SMEs
Katarzyna specializes in employee protection, HR procedures and regulatory compliance. She conducted whistleblower protection training for management. She understands practical challenges of implementing compliance procedures in real companies.