Whistleblower Directive – Why implementing safe anonymous reporting channels is still important for UK businesses.

The legislation states that businesses must provide secure, GDPR compliant methods of processing and storing Whistleblower reports.

The EU whistleblowing directive was passed back in December 2019, giving businesses two years to meet compliance requirements. As the UK is no longer a member state of the EU, does this mean that complying with the directive isn’t essential? We explore this question in more detail, providing our take on the directive and why we feel having an anonymous reporting channel that meets the directive is still critically important.

What is the EU Whistleblower Directive?

This new directive primarily aims to ensure minimum standards of protection for whistleblowers who highlight breaches of EU law with employers. This requires organisations to provide safe and secure anonymous reporting channels which can be utilised by employees to highlight wrongdoing.

Although the UK is no longer part of the EU, legislation passed on the continent can still have implications for British businesses.

Does that mean that it doesn’t apply to UK based companies?

This is a question that has caused a lot of confusion since the directive was announced. On paper, the UK is under no legal obligation to implement the directive, but where the water gets muddied is when UK based businesses have large operations on the content. If an employer has more than 250 employees in Europe, then yes, this legislation will still apply within the country that the employees are based. In this scenario, it is important to take action and put in place measures to ensure compliance.

But for companies that don’t have this amount of employees working within the EU, it is still worthwhile adhering to the directive for a number of other reasons, which include:

Future changes to UK legislation

Whilst the UK is one of the areas deemed as having comprehensive protection to whistleblowers, current legislation isn’t as far-reaching as what is contained in the new directive.

Although the UK has now left the EU, it is unwise to think that changes to EU legislation will not impact us. Remember, the EU is one of our biggest trading partners, and as in the case of other similar legislation (like data protection) aligning UK laws to EU ones remains critical, and a key priority for the government.

Another factor to consider is that a number of UK organisations are putting pressure on the government. For example, Protect, which are running a campaign calling upon the government to take action.

Whilst meeting the directive requirements may not be UK law, it is an issue that may crop up in the coming months. Taking action now will ensure that your company is in a better position as the situation develops.

Following Best Practices

Although it is not a legal requirement, it may become best practice to implement these changes. This is especially relevant for financial organisations that operate across Europe. It is highly likely that other financial institutions will adopt measures to meet this directive resulting in this becoming a best practice.

Single International Whistleblowing Framework

For large multinational organisations that have a single global framework then it will be important to implement the changes across all territories to ensure consistency.

What action needs to be taken

The directive indicates a number of actions that must be taken in order to comply with the objective. This includes secure, GDPR compliant methods of processing and storing Whistleblower reports. Reporting systems also must provide an acknowledgement of the report and follow up after the report is submitted. Finally, Whistleblowers must have access to both written and verbal ways of submitting reports.

Help is at hand

A critical aspect of meeting this requirement is having a system that meets the needs highlighted above. Unlike GDPR, implementing these systems is not as complex a task as it may seem. Our team have developed a new module for our case management solution that allows anonymous reporting that is safe, secure and confidential in accordance with the directive.

Our solution enables the following:

The notification channel, including the completed form, follow up pages and handling steps.
Two-way communication. As the case progresses, the notifier may clarify and complete their notification and may be asked additional questions.
The possibility for the notifier to follow the handling process with case-specific logins.

Best of all the Whistleblower solution is completely free of charge for Webropol Case Management customers. To find out more about our Whistleblower solution click the button below.

In Summary

It’s clear from the above that the Whistleblower directive is still relevant for UK businesses and implementing processes and systems now will put you in a good position if the law changes. But that’s not the only reason you should prepare for the directive, it will also ensure you are working towards best practices and allow for consistency across your organisation. We hope you enjoyed reading this article and if you have any questions then please feel free to get in contact with a member of our team.

Contact us today to find out more at or by calling our dedicated support line, 01788 833881.

A note about this article

This article was written by a member of our team, as an interpretation of how this directive may impact UK based companies, it is not a legal document. We are a provider of solutions that assist in complying with this directive, however, it is still recommended that you source legal assistance to get advice on what actions should be taken.