What is the Whistleblower Protection Act?
As the name implies, the Whistleblower Protection Act primarily focuses on protecting whistleblowers. It is intended to protect people who receive information regarding misconduct while performing or in connection with their professional activities (employees, customers, partners, etc.). These whistleblowers then report this misconduct to companies, public authorities or the press, for example, in order to reveal the misconduct and bring an end for the benefit of society.
Until now, whistleblowers have often faced the threat of severe legal consequences, primarily labor law sanctions such as having their career derailed, being dismissed and even criminal charges, etc.
The two dimensions of the Whistleblower Protection Act
The Whistleblower Protection Act addresses two issues to provide whistleblowers with legal protection and to create systems which enable misconduct to be reported without exposing whistleblowers to legal and moral difficulties.
The labor law dimension
On the one hand, it legally protects whistleblowers against the negative consequences of their actions. Section 35 of the Whistleblower Protection Act (HinSchG) clearly states that: “Reprisals directed against whistleblowers are prohibited. This also applies to threats and attempted reprisals.”
Therefore, whistleblowing need not involve any (legal) disadvantages for whistleblowers in the future and violating this provision may result in claims for damages.
The organizational dimension
At the same time, the law requires companies with more than 50 employees to establish and operate internal reporting offices. Each legal entity within a corporate group has to be considered individually in the calculation, although the group can also establish a central reporting office.
These internal reporting officers enable whistleblowers to submit information, including anonymous reports, without having to fear legal disadvantages. The reports must then be examined by the company and dealt with accordingly.
An external solution for internal hotlines
Companies are free to decide whether to set up and manage the internal reporting office themselves or entrust external companies with the task, as long as the legal requirements for the reporting office are fulfilled.
External solutions are often more effective approach as setting up these reporting offices is challenging, especially for smaller or medium-sized companies. External service providers then implement an internal reporting office for the company using specifically configured software solutions which comply with the data protection requirements. Given that this system does not necessarily have to be implemented using the company’s own IT, an external solution is not only easier in terms of the organization but also reduces the IT costs and IT compliance risks at the same time.
Now is the time to act!
The law has been a long time coming. Yet now is the time to actually take action: Companies with more than 249 employees are required to implement the Whistleblower Protection Act (HinSchG) as soon as it enters into force. Smaller companies with 50 to 249 employees, on the other hand, have until December 17, 2023.
These implementation deadlines need to be complied with, as companies can face considerable fines if they fail to establish a reporting office on time.
It is important to note that the implementing of internal reporting offices is subject to co-determination pursuant to Section 87 of the Works Constitution Act (BetrVG), and it is essential that companies bear this in mind.
The entry into force of the Whistleblower Protection Act on July 2, 2023 brings an end to a long period of uncertainty for companies.
However, this also means that numerous companies will have to establish a legally compliant whistleblower system within only a short period of time. This is a challenge that can be overcome with professional legal support.
The complete text of this still recent law can be consulted via the following link: https://www.recht.bund.de/bgbl/1/2023/140/VO