The directive is intended to regulate the protection of persons who report irregularities in an organization.
It is possible to report shortcomings and violations through three channels.
Public and private institutions employing more than 50 people or municipalities with more than 10,000 residents.
Private entities employing over 250 employees.
Financial market entities and entities dealing with AML / CF, regardless of the number of employees and the sector.
Legal entities in the private sector with 50-249 employees.
Internal channel reporting systems must ensure security and confidentiality. The Directive stipulates that the identity of the Whistleblower may not be disclosed to any unauthorized person who is not part of the group for receiving reports and solving problems.
The processing of personal data must be in accordance with the GDPR and Directive 2016/680. This refer to personal data processed under the Whistleblower Directive, including the exchange or transfer of personal data by competent authorities.