Skip to contents
Close
LOGIN
SEARCH
LANGUAGE – en
de
Get your demo
en
de
Get your demo
Hinweisgeberschutzgesetz

The Whistleblower Protection Act

The German Whistleblower Protection Act obliges companies to set up an internal reporting body to protect whistleblowers.

The Whistleblower Protection Act: What is it?

The aim of the Whistleblower Protection Act is to establish a common minimum standard to ensure a high level of protection for whistleblowers who report violations of EU and national law.

New requirements for your company: Among the numerous new requirements, the Whistleblower Protection Act requires companies in particular to set up an internal reporting body for whistleblowers.

The obligation to set up an internal reporting body


Companies are obliged to implement an internal reporting body. 

The scope

Companies with 250 employees or more must set up an internal reporting body as of July 2, 2023.
Companies with 50 to 249 employees or more have been required to set up an internal reporting body since December 17, 2023.

 

The reporting channel

Reporting channels must be designed in such a way that the report can be transmitted via the channel either verbally, e.g. hotline; answering machine, by personal meeting, physically e.g. letterbox, e-mail or via IT-supported solutions, i.e. digital or web-based systems.

The internal reporting body

Whistleblowers, i.e. persons who have obtained information about violations in connection with their professional activity or prior to a professional activity, can contact internal reporting bodies to submit reports.

Requirements for the internal reporting body

The exact requirements for an internal reporting body may vary depending on the country and specific legal provisions. However, according to the German Whistleblower Protection Act, the following requirements apply:

  • Confidentiality
  • Accessibility
  • Independence
  • Documentation and reporting
  • Whistleblower protection
The internal reporting office should also process incoming reports that are anonymous. However, there is no obligation to design the reporting channels in such a way that they allow anonymous reports to be submitted.
The reporting body must be easily accessible for employees and offer various communication channels to enable whistleblowers to report grievances. This can be ensured, for example, through a telephone hotline, e-mail or a web form.
In order to ensure that incoming reports are treated objectively and neutrally, external third parties in the form of an ombudsperson can also be commissioned to process the reports.
The hotline should systematically document reports and establish an appropriate reporting mechanism to ensure that reported grievances are properly investigated and appropriate action is taken.
Whistleblowers should be protected from repercussions or negative consequences if they report a whistleblowing incident. This can be achieved, for example, through clear guidelines and procedures for investigating reported abuses as well as appropriate protective measures for whistleblowers.
Hinweisgeber Datenschutz

Whistleblower Protection Act & Data Protection

All personal data, both that of the reporting person and of any accused persons, must therefore be processed in accordance with the EU General Data Protection Regulation and the German Federal Data Protection Act. You should particularly ensure that:

  • the retention and deletion periods are observed,
  • a commissioned data processing agreement has been concluded for the commissioning of external ombudspersons,
  • the data protection declarations for referring persons are available and
  • the data processing is carried out by technically appropriate systems.

Whistleblower Protection Act & Works Council

Do you need the approval of your works council when setting up a whistleblowing system in your company?
In general, the consent of the works council depends on national legislation and the individual circumstances in your company. In some countries, setting up a whistleblowing system may be considered a change in working conditions that requires the consent of the works council. In other countries, the works council may only have a right to information and consultation.

Hinweisgeber Betriebsrat

Numerous laws - A legally compliant solution!

In addition to the Whistleblower Protection Act, there are other regulations and recommendations from other sources, some of which are statutory, that require companies to set up an internal reporting office:

  • The Act on Corporate Due Diligence Obligations in Supply Chains

  • The Stock Cooperation Act
  • Insurance Supervision Act
  • Federal Financial Supervisory Authority
  • The German Corporate Governance Codex

The objectives of these laws and regulations are identical: to create the possibility of reporting information on possible legal violations to an independent body. Request your non-binding offer for the implementation of the whistleblowing channel via Eticor now and implement the requirements of the above-mentioned laws and regulations in a legally compliant manner.

Your personal contacts

Do you have any questions or are you interested in a consultation? Then we look forward to your message and hearing from you.

Eticor Yvonne Bahke
YVONNE BAHKE

Dipl. Jur. (Univ.)
Project Manager Sales
ESG Compliance Expert
y.bahke@eticor.com
+49 6022 2656 – 139

Eticor Thomas Teschner
THOMAS TESCHNER

Ass. jur.
ESG Compliance Expert
t.teschner@eticor.com
+49 6022 2656 – 120