Skip to main content

On-demand webinar coming soon...

Blog

The ultimate guide to complying with the EU Whistleblower Directive

Find out what the Directive requires, who must comply, and how to comply with this detailed guide

 

December 20, 2022

EU flag

Before European Parliament and the European Council adopted the EU Whistleblower Directive, whistleblower protection legislation in the EU – and beyond – was fragmented and inconsistent. The Directive marks an enormous step forward for whistleblower protection standards, and its impact will be felt globally. That means that your whistleblower hotline, retaliation policies, and compliance program at large may require a revamp – whether your company has employees in the EU or not.

Want to read up on the Directive later? Download our Ultimate Guide to the EU Whistleblower Directive

 

What is the EU Whistleblower Directive?

On September 25th, 2019, the European Parliament published a new directive on the “protection of persons who report breaches of Union law,” now referred to as the Whistleblower Protection Directive, EU Whistleblowing Directive, or EU Directive 2019/1937.

The Directive’s intention is to provide consistent protection for those who step forward and report breaches of EU law across all 27 Member States. Within the EU, it expands every dimension of whistleblowing and reporting – who can make a report, what can be reported, where issues can be reported and why. Not only that, but the Directive also expands the accountability that companies face when it comes to retaliation against whistleblowers. This presents some crucial, never-before-seen challenges to companies with a presence in the EU.

Adding to the complexity is the fact that this legislation takes the form of a Directive, and not a regulation. Regulations – like GDPR – apply consistently and immediately across all Member States. Directives, on the other hand, lay out a series of requirements and leave it up to each Member State to transpose into local law and thus decide how they will meet Directive requirements. This transposition will introduce nuances in each Member State, and thus complexity when it comes to regulatory compliance for companies operating in multiple countries.

While the Directive included a deadline of December 17, 2021 for Member States to do so, it is not unusual for Member States to miss such deadlines – and many of them did. To stay up-to- date on Member State progress, follow the DataGuidance EU Whistleblower Directive Tracker. While Member States continue to iron out the nuances of the Directive and transpose it into their own law, companies should implement the unequivocal requirements of the Directive as soon as possible. Want to find out if your organization is fully compliant with the EU Whistleblower Directive and unique Member State requirements? Download our interactive EU Whistleblower Directive checklist. 

Please note: this article does not constitute legal advice on the part of OneTrust. Since the Directive was adopted, our team has invested considerable resources into understanding its requirements. We have researched, partnered with European compliance experts, and worked closely with customers to compile this guide.

While our team does not provide legal advice, we can help companies implement a hotline that complies with Directive requirements on short notice. Please reach out to a member of our team for assistance on implementing a hotline.

 

What does the EU Whistleblower Protection Directive require?

The Directive requires that companies:

  • Provide internal mechanisms for whistleblowing
  • Educate employees and others about their whistleblowing options
  • Protect whistleblowers who report breaches of EU law, and
  • Prevent them from being retaliated against

 

It also includes requirements that Member States must follow – including establishing external reporting channels for whistleblowers who choose to report outside of their company.

 

Establishing internal reporting channels and external reporting channels

More specifically, Article 8 of the Directive says that Member States must require legal entities in both the public and private sectors to establish reporting channels – a whistleblowing hotline – and mechanisms for follow-up. These mechanisms can be operated by a company employee or department, or by a third-party provider. Regardless, the reporting and follow-up procedures must meet the following Directive requirements:

  • Protects the confidentiality of the reporter and the privacy of any third party mentioned in whistleblowing reports, and prevents access to the report by unauthorized team members
  • Acknowledges receipt of the report within seven days
  • Allows for diligent and impartial follow-up, communication, and feedback – including for anonymously submitted reports – within three months of the report’s submission
  • Allows whistleblower to review, approve, and edit initial report and subsequent interview notes
  • Allows for reporting in writing, orally (through telephone or voice messaging, or a physical meeting if requested by reporter), or both
  • Provides clear information on external reporting options

 

Support measures for whistleblowers

The Directive requires Member States to provide whistleblowers and potential whistleblowers access to support measures. Information on whistleblowing procedures, protection from retaliation, and whistleblower rights must be available to the public for free. In addition, Member States must provide protected parties with access to legal aid in criminal and cross-border civil proceedings and may also provide financial aid and psychological support.

 

Penalties for non-compliance

Within the Directive, Member States are required to establish “effective, proportionate and dissuasive penalties” to anyone who attempts to hinder a report, engage in retaliation, bring vexatious legal proceedings against protected parties, or breach confidentiality. In addition, those who knowingly report false information will also face penalties, and those affected by false reports may be entitled to damages.

 

Central reporting channels versus local channels for each subsidiary

While the Directive specifies that companies with between 50 and 249 workers may share resources for the purposes of reporting, there is – according to the EU Expert Group and the European Commission’s interpretation of the Directive – no similar exception for subsidiary companies. According to this interpretation, subsidiaries with 250 or more workers may no longer rely solely on their parent company’s central whistleblowing systems, and must have the ability to investigate reports locally rather than at the group, or corporate, level. Central reporting channels and case management may still exist, but whistleblowers must have the option to report at the local or group level.

Want to know more? Download our Ultimate Guide to the EU Whistleblower Directive

 

Who must comply with the EU Whistleblowing Directive?

The Directive applies within EU Member States to all companies, both public and private, with 50 or more employees, or with an annual turnover or total assets of more than €10M. Local authorities that provide services for more than 10,000 people are also subject to the Directive’s requirements. The Directive also applies to some companies that fall outside of these boundaries. Companies of any size that operate in Financial Services, or where there is a risk of money laundering or terrorist financing, must also heed the Directive’s requirements.

  • EU-based companies with employees outside the EU
    • While the Directive does not specify whether workers need to be physically located within the EU, it is reasonable to assume that any legal entity established in the EU that employs more than 50 workers will need to comply with the Directive, regardless of where the workers are located, be that inside or outside the EU.
  • Companies based outside the EU with employees in the EU
    • Similarly, it is unclear whether non-EU entities that employ more than 50 workers within the EU will need to comply with the Directive. Given that their employees located in the EU are subject to a raft of EU labor laws, it is highly likely that such entities will be subject to the Directive, regardless of their employer’s location.
  • Does the EU Whistleblower Directive apply in the UK?
    • In short, no. The UK already had comprehensive legislation in place to protect whistleblowers, namely the Public Interest Disclosure Act 1998 (PIDA). The UK Government has confirmed that it does not intend to adopt the Directive into UK law, given its departure from the EU.

 

Who is protected by the Directive?

The concept of a “worker” in the EU is broad, and the protective scope of the Directive has been cast particularly wide. It offers protection to anyone in what is termed “a work-based relationship,” regardless of the nature of their activities, whether it is paid, and whether or not they are EU citizens.

Consequently, the Directive protects:

  1. Current and former (part- or full-time) employees
  2. Directors
  3. Non-executive directors
  4. Temporary workers
  5. Fixed-term contract workers
  6. Sub-contractors
  7. The self-employed
  8. Freelancers
  9. Suppliers
  10. Vendors
  11. Shareholders
  12. Members of professional-type bodies
  13. Job applicants
  14. Work applicants
  15. Trainees
  16. Interns (paid or unpaid)
  17. Volunteers
  18. Third-parties or facilitators, such as colleagues or relatives, who could be affected by a disclosure report
  19. Those whose work-based relationship has yet to begin, such as through pre-contractual negotiations, or leavers where it has ended

 

In order to qualify for protection under the Directive, whistleblowers must have information on violations of EU law. Thus, protected whistleblowing under the Directive aligns with certain categories of law (though Member States may choose to add to this list).

 

The following areas and topics are covered by the Directive:

  1. Public procurement
  2. Financial services, products and markets
  3. Product safety and compliance
  4. Transport safety
  5. Protection of the environment
  6. Radiation protection and nuclear safety
  7. Food and feed safety, animal health and welfare
  8. Public health
  9. Consumer protection
  10. Protection of privacy and personal data

 

The EU is actively encouraging national lawmakers to extend coverage of wrongdoing to cover current national laws. In some cases, Member States are considering an extension to simply include “suspicious wrongdoing,” which will be a significant increase in scope.

 

How whistleblowers can submit reports according to the Directive

One of the fundamental shifts in the EU Whistleblowing Directive is its three-tier reporting structure.

The Three-Tier Reporting Structure

Internal Channels

  • Must be kept confidential
  • Must be acknowledged within seven days and responded to within three months

External Channels

  • Competent authorities established by each Member State
  • Cases must be dealt with within three months (or within six months in justified cases)

Public

  • Such as the media
  • Reports may involve an imminent danger to the public interest, a risk of retaliation, or a failure to deal with concerns internally

 

Unlike previous laws in some Member States, which required whistleblowers to report internally before going to regulators or the media, the Directive specifies that there is no hierarchy or order of operations with these three reporting methods. Whistleblowers will be protected by the Directive regardless of the route they choose.

It remains in each company’s best interest to encourage employees to raise concerns first via internal channels, stressing the confidentiality of those reports and the support that your organization can offer.

Want to take this resource with you for future reference? Download our Ultimate Guide to the EU Whistleblower Directive

 

Retaliation and the EU Whistleblower Directive’s reverse burden of proof

Protecting whistleblowers from retaliation is at the heart of the EU Whistleblower Directive. Retaliation can be incredibly damaging to the person experiencing it – and the culture of a workplace that enables it. While they may require some adjustments to your company’s hotline and case management processes, the anti-retaliation requirements of the EU Whistleblower Protection Directive are a positive step forward for companies in the European Union.

Your company likely has an anti-retaliation policy in place, but it may not be enough to meet the new anti-retaliation requirements within the EU Whistleblower Protection Directive. Specifically, the “reverse burden of proof” means that your company must now be able to prove that no retaliation has taken place.

To learn exactly what your company must do to comply with these new anti-retaliation requirements, read our blog.

 

Whistleblowing hotline requirements under the EU Whistleblower Directive

You must, in order to empower potential whistleblowers, make your hotline as accessible as possible to all potential whistleblowers that are protected by the Directive. While the Directive specifies that reporting channels can be either written (through an online reporting platform, email, letter or complaint boxes) or oral (via telephone hotline, voice messaging system or in person), some Member States require companies to provide both a written reporting option and an oral reporting option.

In order to not deter reporting, companies are expected to provide transparent information and clear, easily accessible reporting channels. Accessibility is a key requirement of the Directive, and should include providing intake in local languages, making your hotline available on a public-facing landing page, and more. The more accessible your whistleblowing channels are, the more likely your employees, third parties, and others will be to rely on them rather than reaching out to external channels or the media.

Want to know more about whistleblowing hotline standards? Check out our blog on ISO 37002, a framework for best-practice hotlines.

 

Anonymity and confidentiality requirements of the EU Whistleblower Directive

Under the EU Whistleblowing Directive, the decision on anonymous reporting lies with each of the 27 EU Member States. Consequently, approaches to whistleblower anonymity will continue to differ, as they do now, based on local culture and history. However, the Directive is quite clear on confidentiality. We’ll dive into the subtleties of anonymity and confidentiality below.

 

Anonymity requirements of the EU Whistleblowing Directive

While the Directive leaves anonymity requirements up to the Member States to decide, there are four primary approaches available to Member States:

  1. No anonymous reporting
  2. Only anonymous reporting
  3. Anonymous reporting is allowed, but that ability is not publicized
  4. Anonymous reporting is allowed, but companies are not obligated to investigate anonymous reports

 

Currently, OneTrust’s Helpline and Case Management offers a fifth potential option: a partially anonymous capability where reporters provide their details only to OneTrust while remaining anonymous to their employer. This ability is not yet accounted for in whistleblowing legislation anywhere in the world, but is an option available to our customers.

 

Confidentiality requirements of the EU Whistleblowing Directive

Whistleblower confidentiality is required by the Directive. Ensuring that confidentiality requires scrutiny of the entire whistleblowing process from the point of a potential reporter looking up the hotline, to submitting a report, and on through case management, investigation, conclusion, and follow-up. Confidentiality has been broken in several high-profile cases (see the story of Wendy Addison for an example), and these occasions clearly influenced the thinking behind the Directive.

Confidentiality requires a selected and trained team of report handlers. Some reports must be shared outside this team, but policies, statements, and training all have a role to play in maximizing confidentiality for the reporter and the subjects of the report alike.

It can be difficult to maintain confidentiality in small companies or within small groups of employees, even with anonymous reporting. This issue should be recognized and proactively addressed to minimize the risk and consequences of a leak.

 

Hotline communications, awareness, and training

The EU Whistleblowing Directive extends the scope of required awareness and training to all protected whistleblowers, and that includes contractors, vendors, and other third parties. It’s worth reexamining your hotline awareness strategy and coming up with something that is effective, practical, and in line with Directive requirements.

 

Training employees on the EU Whistleblowing Directive

The Directive includes a requirement that employees and third parties are made aware of the Directive and the protections that whistleblowers are entitled to under it. That training must cover the three-tier reporting provision – where reporters are protected whether they report internally to the company, externally to a regulator or other recognized institution, or externally to the media. This training can be folded into regular compliance training or stand on its own; either way, it must happen.

 

Training case handlers

More detailed training on the Directive may be limited to managers, case handlers, and groups who interact more closely with ethics and compliance initiatives. This training may cover the extended requirements of the Directive, variations across Member States, and anti-retaliation strategies.

 

EU Directive requirements for hotline awareness extend beyond employees

Standard hotline awareness strategies include workplace posters, emails, and team briefings. Emails and meetings are easily expandable to your third-party work-based relationships. While workplace posters may be less visible to third parties, consider other materials that are passed back and forth through the course of business. Can you include a pamphlet on the hotline alongside your invoicing materials? Consider your ethics and compliance program’s online presence as well. If your Code of Conduct is accessible outside the firewall, add a QR code for it to all your third-party communications, as well as to employee materials like pass cards, pay slips, and more.

 

Overcoming reporting reluctance

When strategizing your hotline awareness communications, it’s imperative to see things from the perspective of a potential whistleblower. Address the key questions that will arise, like “Who will know about my report?” and “What will happen after I submit a report?” Proactively provide answers that can help address reluctance, and your awareness campaigns will be more effective.

 

GDPR and the EU Whistleblowing Directive 

Invariably, whistleblowing hotlines handle and process personal data. The EU Whistleblowing Directive requires that such processing take place in compliance with EU data protection law, namely the General Data Protection Regulation (GDPR). GDPR does not specifically reference whistleblowing – but that doesn’t mean whistleblowing is any less protected. The potential risks to reporters and subjects of a report can’t be overstated, so data protection is crucial for all parties involved.

To learn more about the intersection of the EU Whistleblower Directive and GDPR, read our blog.

 

Finding a hotline vendor that will help you comply

Does your current hotline provider – if you have one – stand up to the scrutiny necessary to comply with the EU Whistleblowing Directive? Taking a critical eye to potential vendors and their offerings can be an overwhelming task. Beyond the requirements of this Directive in particular, consider that whistleblower regulations and privacy regulations are evolving at a rate never seen before. Perhaps the most essential element to consider as you evaluate vendors is how well they are positioned to adapt, evolve, and stay ahead of the ever-changing whistleblowing landscape.

Evaluate your whistleblower hotline vendor on the following categories to ensure their solution is compliant:

  1. Reporter communication: anonymous and named
  2. Data security and GDPR
  3. Call center
  4. Accessible intake methods
  5. Confidentiality and retaliation prevention
  6. Record keeping and retention
  7. Subsidiary-level intake channels and case management

 

Read our blog on how to find a Directive-compliant hotline provider

Still looking for a hotline vendor to help you comply? OneTrust can help. Please reach out to a member of our team for assistance on implementing a hotline that complies with EU Whistleblower Directive requirements.

Want to keep a copy of this article for future reference, or to share with your team? Download our Ultimate Guide to the EU Whistleblower Directive.


You may also like

Webinar

Ethics Program Management

From reactive to proactive: Transforming your ethics & compliance program

Join this webinar to hear experts explore actionable strategies employed by Ethics & Compliance programs to drive a more ethical culture.

September 12, 2024

Learn more

Infographic

Speak-Up Program Management

Modern slavery: Identifying the signs of forced labor in your supply chain

Looking up and down your organization's supply chain for key indicators is critical to preventing, identifying, and stamping out forced labor.

June 25, 2024

Learn more

Webinar

Speak-Up Program Management

EthicsConnect: Speak Up - Balancing Regulation with a Genuine 'Safe Space' for Employees

Network with fellow ethics professionals, collaborate in break out rooms, and learn how to over the challenges of meeting EU Whistleblower Directive compliance from experts.

June 13, 2024

Learn more

Webinar

Ethics Program Management

Drive employee engagement with Ethics Program Management

In this tech talk, we will walk you through the customer's employee journey utilizing our Ethics Program Management suite of tools.

May 21, 2024

Learn more

Webinar

Ethics Program Management

EthicsConnect: Risk - It’s not just for breakfast anymore

Join us for a deep dive into embedding privacy by design into the fabric of your business to promote the responsible use of data.

April 25, 2024

Learn more

eBook

Ethics Program Management

Business messaging apps: A guide to corporate compliance

How can your business use third-party messaging apps while staying compliant? Dive into key usage considerations based on the DOJ’s 2023 guidance.

February 13, 2024

Learn more

Infographic

Third-Party Risk

4 top-of-mind challenges for CISOs

What key challenges do CISOs face going into the new year? Download this infographic to hear what experts from industries across the board have to say.

January 30, 2024

Learn more

Webinar

Third-Party Due Diligence

Best practices for conducting third-party due diligence for ethics & compliance​

Join this webinar for best practices for conducting third-party due diligence for ethics and compliance.

January 11, 2024

Learn more

Webinar

Ethics Program Management

Ethics Exchange: Third-party applications and ephemeral apps

Learn practical advice on how to navigate the risks of ephemeral apps and employee privacy in BYOD world.

December 05, 2023

Learn more

Webinar

Speak-Up Program Management

Navigating the EU Whistleblower Protection Directive: New rules, new risks

Join our expert-led webinar where we explore the EU Whistleblower Protection Directive and practical steps towards compliance. 

November 02, 2023

Learn more

Webinar

Ethics Program Management

Ethics Exchange: Risk assessments

Join our risk assessments experts as we discuss best practices, program templates, and how provide an assessment that provides the best value for your organization.

October 25, 2023

Learn more

Webinar

Ethics Program Management

Ethics Exchange: Investigations

Join our live webinar and learn how to conduct comprehensive ethics investigations that are trustworthy and efficient.

September 07, 2023

Learn more

Webinar

Third-Party Due Diligence

Driving excellence in third-party risk management: An in-depth look at different due diligence approaches

Join our in-depth webinar and learn how to define third-party due dilligence levels and when to apply them during your vendor management lifecycle.

July 20, 2023

Learn more

Webinar

Third-Party Due Diligence

A shortcut to third party due diligence fundamentals

In this webinar, we examine the scope of third-party due dilligence, best practices, and industry trends driving greater scrutiny on third parties.

July 13, 2023

Learn more

Webinar

Third-Party Due Diligence

Sanctions and export controls: Ensuring compliance

Watch our live expert webinar on understanding global sanctions and export controls and how to reduce your organiztion's risk exposure and ensure compliance.

June 29, 2023

Learn more

Video

Third-Party Risk

Third-party management demo

See how OneTrust's third-party management solution can help scale your third-party lifecycle and evaluate vendors with real-time risk intelligence.

June 27, 2023

Learn more

eBook

Ethics & Compliance

Creating an effective code of conduct

In this eBook, learn how to create an effective code of conduct with six key steps. 

June 01, 2023

Learn more

Webinar

Third-Party Risk

Unpacking the third-party risk regulatory landscape in the Nordic region and beyond

In this live webinar, our expert panel discuss emerging third-party risk regulatory trends in the Nordic region and show how OneTrust can help your business stay complaint.

May 30, 2023

Learn more

eBook

Third-Party Due Diligence

The global regulations driving third-party due diligence

Download our eBook learn how to start building a robust third-party due dilligence (TPDD) strategy that protects your brand and minimizes risk.

May 30, 2023

Learn more

Webinar

Third-Party Due Diligence

Ethics live Demo: Third Party Due Diligence webinar

Learn how OneTrust's Third-Party Due Dilligence, backed by Dow Jones, can help provide your business the data it needs to find trustworthy third parties and mitigate risk.

May 18, 2023

Learn more

In-Person Event

Ethics & Compliance

Ethics Exchange: Practical deep dive for third-party due diligence

Organizations are accountable for third-party actions, so they need robust due diligence to protect their reputation. Learn more at our ethics exchange event.

May 11, 2023

Learn more

Checklist

Ethics Program Management

Policy on development and administration of policies template

Get a head start on your ethics program and create a policy on development and administration of policies with our customizable template.

May 10, 2023

Learn more

Webinar

Third-Party Due Diligence

Maturing your third-party due diligence program: Process, data & technology

Experts at OneTrust and Dow Jones discuss third-party due diligence, covering industry trends, challenges, and how to streamline the process with technology.

April 27, 2023 1 min read

Learn more

Webinar

Ethics & Compliance

Unpacking the global third-party due diligence regulatory landscape

Learn how a strategic plan for compliance can help companies eliminate human rights and environmental violations and avoid costly consequences.

March 06, 2023

Learn more

Webinar

Ethics & Compliance

Third party due diligence – A practical deep dive

In this session, we'll look into the scope of third-party due diligence and a deep dive into practical implementation aspects and best practices for organizations.

December 13, 2022

Learn more

Report

Trust Intelligence

Trending toward trust

The "Trending toward trust" report from OneTrust highlights seven key trends that organizations need to know.

December 12, 2022

Learn more

Webinar

Ethics & Compliance

The number one metric for effective compliance programs: Continuous improvement

Join our webinar to learn how to develop and/or maintain a High-Quality E&C Program and what role data analytics play in improving your compliance program.

November 27, 2022

Learn more

Webinar

Ethics & Compliance

Best practices for conducting third-party due diligence for ethics & compliance

In this session, we'll explore the scope of third-party due diligence and best practices, such as industry trends driving greater scrutiny on third parties.

November 16, 2022

Learn more

Webinar

Ethics Program Management

Live demo: Conflicts of interest management webinar

Learn how to develop a holistic disclosure program, how to make it part of your risk assessment, and how to use it to meet regulatory obligations.

November 01, 2022

Learn more

Checklist

Ethics & Compliance

The CECO’s third party checklist

Use this checklist to ensure that your ethics and compliance program is effectively managing third parties across the entire relationship lifecycle.

October 28, 2022

Learn more

eBook

ESG & Sustainability

The CECO’s guide to managing third parties eBook

Download this eBook to learn the six steps in the lifecycle of risk-based third-party due diligence, compliance terms, and conditions, payment terms, etc.

October 27, 2022

Learn more

White Paper

Ethics & Compliance

Central vs. local intake and case management under the EU Whistleblowing Directive white paper

Download this white paper to learn the specific intake and case management requirements for local subsidiaries and offices across Europe.

October 25, 2022

Learn more

Webinar

Ethics & Compliance

The role of disclosures in risk assessment and management

In this webinar, we’ll discuss developing a holistic disclosure program, making it part of your risk assessment, and using it to meet regulatory obligations.

October 04, 2022

Learn more

White Paper

Ethics & Compliance

What CCOs need to know about the DOJ compliance certification requirement white paper

Download our white paper to learn how the DOJ’s new policy will empower CCOs, and discover what opportunities this new policy presents for your program.

September 01, 2022

Learn more

Webinar

Ethics & Compliance

How to transform your ethics management program through effective employee engagement

In this webinar, we’ll discuss how to develop a successful ethics management program and how to promote trust by developing awareness.

July 28, 2022

Learn more

White Paper

Ethics & Compliance

DOJ’s 2020 update to the evaluation of corporate compliance programs

This white paper explores the 2020 DOJ Compliance Guidance Update and where it takes corporate compliance programs this year and beyond.

July 15, 2022

Learn more

Checklist

Ethics & Compliance

DOJ self-assessment checklist

This enhanced DOJ guidance sets out a baseline, or the minimum standards, to demonstrate an effective ethics & compliance (E&C) program.

July 08, 2022

Learn more

Webinar

Ethics & Compliance

Conflicts of interest and disclosures

Join this roundtable with your peers and experts in ethics and compliance to discuss how to build a successful conflict of interest management program.

July 08, 2022

Learn more

Webinar

Ethics & Compliance

Effective policy governance and distribution

Join this roundtable to discuss how to create effective policies, run effective campaigns and report on each policy’s performance and influence. 

July 08, 2022

Learn more

Webinar

Ethics & Compliance

GDPR and the EU Whistleblower Protection Directive webinar

Join this webinar to learn how to review your whistleblowing processes to comply with the EU Whistleblower Protection Directive, the GDPR and others.

July 06, 2022

Learn more

Webinar

Ethics & Compliance

Hotline reporting under the EU Whistleblower Protection Directive: Unseen consequences, issues & practicalities

While there have been many articles and discussions around the EU Whistleblower Protection Directive, several significant issues have largely gone unnoticed. 

July 06, 2022

Learn more

Webinar

Ethics & Compliance

A hotline innovation masterclass: communications, awareness & confidentiality

Learn how to effectively train and raise awareness on your hotline and how to share information on the Directive so that your company remains compliant.

July 06, 2022

Learn more

Webinar

Ethics & Compliance

Evaluating hotline vendor compliance with the EU Whistleblower Protection Directive

Join us to learn how to choose a hotline vendor, and we also cover the onboarding and implementation process so that you can meet the Directive's deadline.

July 06, 2022

Learn more

Interactive Tool

Ethics & Compliance

Compliance KPIs worksheet interactive tool

Use this worksheet to understand what data you currently have, what you're lacking that may be important, and what certain data points may indicate.

July 05, 2022

Learn more

Webinar

Ethics & Compliance

Whistleblower retaliation under the EU Whistleblower Protection Directive: the reverse burden of proof

Learn how to implement anti-retaliation measures, and how to detect retaliation throughout the whistleblowing process using some new and novel techniques.

July 05, 2022

Learn more

eBook

Ethics & Compliance

14 key requirements to effective conflicts of interest management

Read this eBook to learn the key requirements that are fundamental to building a successful conflict of interest management program.

June 30, 2022

Learn more

Checklist

Ethics & Compliance

Annual compliance program checklist

Download our annual review compliance checklist to evaluate your E&C compliance program, identify key gaps, and prepare for the future.

June 30, 2022

Learn more

Checklist

Ethics & Compliance

Anti-retaliation checklist for compliance programs

Use these 19 questions to take a holistic look at how your program can improve training, investigations, policies, & more to prevent retaliation before it occurs.

June 17, 2022

Learn more

Checklist

Ethics & Compliance

EU Whistleblower Directive checklist

Assess your company's EU Whistleblower Directive compliance with this interactive checklist. 

June 16, 2022

Learn more

eBook

Ethics & Compliance

Ultimate guide to the EU Whistleblower Protection Directive

Download our free eBook on the EU Whistleblower Protection Directive learn its key requirements, who's protected, and answers to common questions. 

June 07, 2022

Learn more

eBook

Ethics & Compliance

The secret to effective policy management

Download this eBook and discover how a centralized policy management system helps drive compliance and ethics policy effectiveness. 

May 11, 2022

Learn more

eBook

Ethics & Compliance

How to build a speak-up culture

Download this step-by-step guide on building a speak-up culture and improve reporting rates. 

April 25, 2022

Learn more

eBook

Ethics & Compliance

Quick guide to the EU Whistleblower Directive

Use this guide to learn how the new EU Whistleblower Directive will be enforced, who is subject to it, and how to comply with it.

April 20, 2022

Learn more

Infographic

Ethics & Compliance

Infographic: The impact of an effective helpline on speak-up culture

Download this infographic and learn how an effective helpline is key to building a speak-up culture. 

April 08, 2022

Learn more

Interactive Tool

Ethics & Compliance

A simple conflict of interest disclosure form template

Download and customize this conflict of interest disclosure template to begin collecting voluntary disclosures at your organization.

April 05, 2022

Learn more

Webinar

Third-Party Due Diligence

7 best practices for conducting third-party due diligence for ethics & compliance

Watch this webinar and learn the seven best practices for third-party due diligence. 

January 03, 2022

Learn more

Webinar

Privacy & Data Governance

Data breach vs. ethics breach: How to prepare for both

In this webinar, we review case studies and tips from recent breaches and analyze which situations qualify as an "ethics breach."

July 07, 2021

Learn more