Soon there will be legal protection for whistleblowers. What are the employer’s obligations?

Allen & Overy LLP

The Grand Duchy of Luxembourg has just tabled a bill aimed at transposing the European Directive on whistleblowers. Even if the bill has to go through the entire legislative process, and will most certainly see its text modified, employers are invited to begin an internal reflection of the implementation of their future obligations.

Here is a general presentation of the bill (hereafter the Bill). An updated newsletter will be sent to you as soon as the Bill has been voted on in its final version.

An extended and strengthened protection regime[1]

Whistleblowers who, in the course of their professional activities, report or disclose specific infringements will soon benefit from an extended and strengthened protection regime. Unlike the Directive, the Bill covers breaches of all national law (including, therefore, labour law) and not just the financial services, the prevention of money laundering and terrorist financing, the protection of privacy and personal data, and the security of networks and information systems.

Protection provided by reporting channels and legal remedies for whistleblowers

In order to ensure the protection of whistleblowers, two main courses of action are envisaged:

  • The establishment of internal and external reporting channels and, in some cases, the possibility of public disclosure; and
  • The introduction of legal protection for whistleblowers and their relatives, which includes the establishment of legal remedies in the event of reprisals (such as dismissal, non-renewal of a fixed-term contract, refusal to promote, the changing of workplace or working hours, intimidation, etc.), the latter being prohibited and punished in all their forms.

Protection not limited to employees of the company

The protection will not only apply to employees, but also to trainees, volunteers, self-employed workers, job applicants, former employees, etc. Its scope is very broad.

Creation of a reporting office

The Bill provides for the creation of a reporting office, whose mission will be to inform and help whistleblowers in their approach.

How should employers prepare?

Companies with more than 50 employees will be obliged to set up internal reporting channels, inform employees of the implementation and use of this system (e.g. who will process the information and how will internal investigations be conducted?) and ensure that infringements reported by whistleblowers are taken seriously and followed up.

Reporting channels may be managed internally by a designated person or department, or provided externally by a third party.

Channels for receiving reports should be designed, established and managed in such a way as to ensure the anonymity of the whistleblower and any third parties mentioned in the report. Any processing of personal data carried out in this regard must comply with the General Data Protection Regulation (the GDPR), particularly with respect to the principle of data minimisation (ie only data relevant to the report may be processed).

In order to prioritise internal reporting and thus minimise the financial and reputational risks associated with public disclosures, it is recommended that companies ensure that their internal reporting channels are efficient and easy to use. In this respect, the implementation of an electronic/online whistleblowing system, compliant with the GDPR, has the advantage of guaranteeing the security and anonymity of whistleblowers.

The channels and procedures for internal reporting and follow-up will be established after the involvement of staff representatives.

From when will the obligation relating to internal channels apply?

The Directive and the Bill both provide for a transition period lasting until 17 December 2023, after which the obligations relating to internal channels within legal entities that operate in the private sector and which employ between 50 and 249 workers will come into force.

For companies operating in the private sector with 250 or more employees, the requirement to set up internal channels should be immediate.

[1] In the area of financial services, detailed rules on the protection of whistleblowers already exist. These special sectoral laws will, in principle, not be affected by the general provisions of this bill.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.

© A&O Shearman

Written by:

A&O Shearman
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

A&O Shearman on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide