EN
Technology

The Danish Data Protection Authority’s whistleblower scheme is on the way

logo
Legal news
calendar 23 September 2021
globus Denmark

The Danish Data Protection Authority’s new whistleblower scheme will be ready in December. With this coming external solution, employees in for example smaller companies – that are not required to establish a whistleblower scheme just yet – can already begin reporting under the new rules this year.

On 17 December 2021, most of the new requirements on the protection of whistleblowers enters into force. First and foremost, the new requirements entail that larger companies must have established internal whistleblower schemes by the deadline. At the same time, the new requirements also mean that the Danish Data Protection Authority must have established an external whistleblower scheme by the deadline. Whistleblowers will have access to report to this external scheme regardless of whether they have access to an internal whistleblower scheme, or not.

We have previously described the new rules here.

Supplement to the internal schemes

The Danish Data Protection Authority’s new whistleblower scheme will be established via a separate website with the necessary guidance and information. Among other things, the website will include examples on what matters whistleblowers can report to the external scheme. This is because not all matters can be reported, whereafter reports must either concern certain areas of EU-law, serious breaches of law or other serious matters.

Whistleblowers can then report to the Danish Data Protection Authority’s whistleblower scheme by phone or verbally, at a physical meeting. Whistleblowers can also choose to submit their report anonymously.

The Danish Data Protection Authority’s external whistleblower scheme should be seen as a supplement to the internal schemes that will be established at workplaces up until 2023. The external scheme is meant to ensure that for example employees whose workplace is not required to establish a scheme until later, or employees who feel unsafe using the internal scheme, also have access to report.

Although reports under the whistleblower scheme are confidential, the Danish Data Protection Authority will be publishing a yearly report with information on, among other things, the number of reports received, themes of the reported matters and the processing status.

IUNO’s opinion

Even though smaller companies have an extended deadline and are not required to establish whistleblower schemes until 17 December 2023 at the latest, the Danish Data Protection Authority’s new whistleblower scheme allows employees and other whistleblowers to already start reporting this year.

IUNO also recommends that companies are aware of the requirement that employees should be encouraged in a clear way to use the company’s internal scheme over the Danish Data Protection Authority’s external scheme. However, this only applies if the matter can be dealt with effectively with internally and the whistleblower considers there is no risk of punishment.

Read more about how IUNO can help your company comply with the new rules here.

[The Danish Act on the protection of whistleblowers of 24 June 2021]

On 17 December 2021, most of the new requirements on the protection of whistleblowers enters into force. First and foremost, the new requirements entail that larger companies must have established internal whistleblower schemes by the deadline. At the same time, the new requirements also mean that the Danish Data Protection Authority must have established an external whistleblower scheme by the deadline. Whistleblowers will have access to report to this external scheme regardless of whether they have access to an internal whistleblower scheme, or not.

We have previously described the new rules here.

Supplement to the internal schemes

The Danish Data Protection Authority’s new whistleblower scheme will be established via a separate website with the necessary guidance and information. Among other things, the website will include examples on what matters whistleblowers can report to the external scheme. This is because not all matters can be reported, whereafter reports must either concern certain areas of EU-law, serious breaches of law or other serious matters.

Whistleblowers can then report to the Danish Data Protection Authority’s whistleblower scheme by phone or verbally, at a physical meeting. Whistleblowers can also choose to submit their report anonymously.

The Danish Data Protection Authority’s external whistleblower scheme should be seen as a supplement to the internal schemes that will be established at workplaces up until 2023. The external scheme is meant to ensure that for example employees whose workplace is not required to establish a scheme until later, or employees who feel unsafe using the internal scheme, also have access to report.

Although reports under the whistleblower scheme are confidential, the Danish Data Protection Authority will be publishing a yearly report with information on, among other things, the number of reports received, themes of the reported matters and the processing status.

IUNO’s opinion

Even though smaller companies have an extended deadline and are not required to establish whistleblower schemes until 17 December 2023 at the latest, the Danish Data Protection Authority’s new whistleblower scheme allows employees and other whistleblowers to already start reporting this year.

IUNO also recommends that companies are aware of the requirement that employees should be encouraged in a clear way to use the company’s internal scheme over the Danish Data Protection Authority’s external scheme. However, this only applies if the matter can be dealt with effectively with internally and the whistleblower considers there is no risk of punishment.

Read more about how IUNO can help your company comply with the new rules here.

[The Danish Act on the protection of whistleblowers of 24 June 2021]

Receive our newsletter

Anders

Etgen Reitz

Partner

Kirsten

Astrup

Senior associate

Similar

logo
Technology HR-legal Corporate

2 November 2021

Joint whistleblower schemes for multinationals

logo
HR Legal Corporate Technology

20 October 2021

New Act on the protection of whistleblowers on the way

logo
Technology

7 October 2021

Holiday did not excuse delayed communication of data breach

logo
Technology

9 September 2021

Failure to comply with retention periods resulted in EUR 1.75 million fine

logo
Technology

1 September 2021

Can companies “snoop” in former employees’ e-mail accounts?

logo
HR Legal Technology

29 August 2021

GDPR did not prevent company from sharing employee data with trade union

The team

Anders

Etgen Reitz

Partner

Kirsten

Astrup

Senior associate