EN
Technology

The Danish Data Protection Authority’s whistleblower scheme is on the way

logo
Legal news
calendar 23 September 2021
globus Denmark

The Danish Data Protection Authority’s new whistleblower scheme will be ready in December. With this coming external solution, employees in for example smaller companies – that are not required to establish a whistleblower scheme just yet – can already begin reporting under the new rules this year.

On 17 December 2021, most of the new requirements on the protection of whistleblowers enters into force. First and foremost, the new requirements entail that larger companies must have established internal whistleblower schemes by the deadline. At the same time, the new requirements also mean that the Danish Data Protection Authority must have established an external whistleblower scheme by the deadline. Whistleblowers will have access to report to this external scheme regardless of whether they have access to an internal whistleblower scheme, or not.

We have previously described the new rules here.

Supplement to the internal schemes

The Danish Data Protection Authority’s new whistleblower scheme will be established via a separate website with the necessary guidance and information. Among other things, the website will include examples on what matters whistleblowers can report to the external scheme. This is because not all matters can be reported, whereafter reports must either concern certain areas of EU-law, serious breaches of law or other serious matters.

Whistleblowers can then report to the Danish Data Protection Authority’s whistleblower scheme by phone or verbally, at a physical meeting. Whistleblowers can also choose to submit their report anonymously.

The Danish Data Protection Authority’s external whistleblower scheme should be seen as a supplement to the internal schemes that will be established at workplaces up until 2023. The external scheme is meant to ensure that for example employees whose workplace is not required to establish a scheme until later, or employees who feel unsafe using the internal scheme, also have access to report.

Although reports under the whistleblower scheme are confidential, the Danish Data Protection Authority will be publishing a yearly report with information on, among other things, the number of reports received, themes of the reported matters and the processing status.

IUNO’s opinion

Even though smaller companies have an extended deadline and are not required to establish whistleblower schemes until 17 December 2023 at the latest, the Danish Data Protection Authority’s new whistleblower scheme allows employees and other whistleblowers to already start reporting this year.

IUNO also recommends that companies are aware of the requirement that employees should be encouraged in a clear way to use the company’s internal scheme over the Danish Data Protection Authority’s external scheme. However, this only applies if the matter can be dealt with effectively with internally and the whistleblower considers there is no risk of punishment.

Read more about how IUNO can help your company comply with the new rules here.

[The Danish Act on the protection of whistleblowers of 24 June 2021]

On 17 December 2021, most of the new requirements on the protection of whistleblowers enters into force. First and foremost, the new requirements entail that larger companies must have established internal whistleblower schemes by the deadline. At the same time, the new requirements also mean that the Danish Data Protection Authority must have established an external whistleblower scheme by the deadline. Whistleblowers will have access to report to this external scheme regardless of whether they have access to an internal whistleblower scheme, or not.

We have previously described the new rules here.

Supplement to the internal schemes

The Danish Data Protection Authority’s new whistleblower scheme will be established via a separate website with the necessary guidance and information. Among other things, the website will include examples on what matters whistleblowers can report to the external scheme. This is because not all matters can be reported, whereafter reports must either concern certain areas of EU-law, serious breaches of law or other serious matters.

Whistleblowers can then report to the Danish Data Protection Authority’s whistleblower scheme by phone or verbally, at a physical meeting. Whistleblowers can also choose to submit their report anonymously.

The Danish Data Protection Authority’s external whistleblower scheme should be seen as a supplement to the internal schemes that will be established at workplaces up until 2023. The external scheme is meant to ensure that for example employees whose workplace is not required to establish a scheme until later, or employees who feel unsafe using the internal scheme, also have access to report.

Although reports under the whistleblower scheme are confidential, the Danish Data Protection Authority will be publishing a yearly report with information on, among other things, the number of reports received, themes of the reported matters and the processing status.

IUNO’s opinion

Even though smaller companies have an extended deadline and are not required to establish whistleblower schemes until 17 December 2023 at the latest, the Danish Data Protection Authority’s new whistleblower scheme allows employees and other whistleblowers to already start reporting this year.

IUNO also recommends that companies are aware of the requirement that employees should be encouraged in a clear way to use the company’s internal scheme over the Danish Data Protection Authority’s external scheme. However, this only applies if the matter can be dealt with effectively with internally and the whistleblower considers there is no risk of punishment.

Read more about how IUNO can help your company comply with the new rules here.

[The Danish Act on the protection of whistleblowers of 24 June 2021]

Receive our newsletter

Anders

Etgen Reitz

Partner

Kirsten

Astrup

Senior associate

Similar

logo
Technology

16 June 2022

Unfortunate software update gave thousands of employees access to job applications

logo
Technology

2 June 2022

Failure to inform shareholder breached the data protection rules

logo
Technology

28 April 2022

First fine to a public authority for breach of the data protection rules

logo
Technology

31 March 2022

New guidelines clarify when processing is an international data transfer

logo
Technology

31 March 2022

24/7 CCTV monitoring at the workplace was a breach of the data protection rules

logo
Technology

24 February 2022

No unconditional right of access under whistleblower schemes

The team

Anders

Etgen Reitz

Partner

Kirsten

Astrup

Senior associate