The Danish Data Protection Authority’s whistleblower scheme is on the way
The Danish Data Protection Authority’s new whistleblower scheme will be ready in December. With this coming external solution, employees in for example smaller companies – that are not required to establish a whistleblower scheme just yet – can already begin reporting under the new rules this year.
On 17 December 2021, most of the new requirements on the protection of whistleblowers enters into force. First and foremost, the new requirements entail that larger companies must have established internal whistleblower schemes by the deadline. At the same time, the new requirements also mean that the Danish Data Protection Authority must have established an external whistleblower scheme by the deadline. Whistleblowers will have access to report to this external scheme regardless of whether they have access to an internal whistleblower scheme, or not.
We have previously described the new rules here.
Supplement to the internal schemes
The Danish Data Protection Authority’s new whistleblower scheme will be established via a separate website with the necessary guidance and information. Among other things, the website will include examples on what matters whistleblowers can report to the external scheme. This is because not all matters can be reported, whereafter reports must either concern certain areas of EU-law, serious breaches of law or other serious matters.
Whistleblowers can then report to the Danish Data Protection Authority’s whistleblower scheme by phone or verbally, at a physical meeting. Whistleblowers can also choose to submit their report anonymously.
The Danish Data Protection Authority’s external whistleblower scheme should be seen as a supplement to the internal schemes that will be established at workplaces up until 2023. The external scheme is meant to ensure that for example employees whose workplace is not required to establish a scheme until later, or employees who feel unsafe using the internal scheme, also have access to report.
Although reports under the whistleblower scheme are confidential, the Danish Data Protection Authority will be publishing a yearly report with information on, among other things, the number of reports received, themes of the reported matters and the processing status.
IUNO’s opinion
Even though smaller companies have an extended deadline and are not required to establish whistleblower schemes until 17 December 2023 at the latest, the Danish Data Protection Authority’s new whistleblower scheme allows employees and other whistleblowers to already start reporting this year.
IUNO also recommends that companies are aware of the requirement that employees should be encouraged in a clear way to use the company’s internal scheme over the Danish Data Protection Authority’s external scheme. However, this only applies if the matter can be dealt with effectively with internally and the whistleblower considers there is no risk of punishment.
Read more about how IUNO can help your company comply with the new rules here.
[The Danish Act on the protection of whistleblowers of 24 June 2021]
On 17 December 2021, most of the new requirements on the protection of whistleblowers enters into force. First and foremost, the new requirements entail that larger companies must have established internal whistleblower schemes by the deadline. At the same time, the new requirements also mean that the Danish Data Protection Authority must have established an external whistleblower scheme by the deadline. Whistleblowers will have access to report to this external scheme regardless of whether they have access to an internal whistleblower scheme, or not.
We have previously described the new rules here.
Supplement to the internal schemes
The Danish Data Protection Authority’s new whistleblower scheme will be established via a separate website with the necessary guidance and information. Among other things, the website will include examples on what matters whistleblowers can report to the external scheme. This is because not all matters can be reported, whereafter reports must either concern certain areas of EU-law, serious breaches of law or other serious matters.
Whistleblowers can then report to the Danish Data Protection Authority’s whistleblower scheme by phone or verbally, at a physical meeting. Whistleblowers can also choose to submit their report anonymously.
The Danish Data Protection Authority’s external whistleblower scheme should be seen as a supplement to the internal schemes that will be established at workplaces up until 2023. The external scheme is meant to ensure that for example employees whose workplace is not required to establish a scheme until later, or employees who feel unsafe using the internal scheme, also have access to report.
Although reports under the whistleblower scheme are confidential, the Danish Data Protection Authority will be publishing a yearly report with information on, among other things, the number of reports received, themes of the reported matters and the processing status.
IUNO’s opinion
Even though smaller companies have an extended deadline and are not required to establish whistleblower schemes until 17 December 2023 at the latest, the Danish Data Protection Authority’s new whistleblower scheme allows employees and other whistleblowers to already start reporting this year.
IUNO also recommends that companies are aware of the requirement that employees should be encouraged in a clear way to use the company’s internal scheme over the Danish Data Protection Authority’s external scheme. However, this only applies if the matter can be dealt with effectively with internally and the whistleblower considers there is no risk of punishment.
Read more about how IUNO can help your company comply with the new rules here.
[The Danish Act on the protection of whistleblowers of 24 June 2021]
Similar
Updated guidelines regarding breaches of data security
New rules on CCTV monitoring
The new NIS 2 Act has entered into force
New draft bill to protect against misuse of deepfakes
New rules on responsible use of AI have entered into force
Simplification of record-keeping obligations under the GDPR is on the way