Fast deployment of the system
The digital whistleblower system is provided online via the Internet and/or the company's intranet.
The company can then immediately initiate the necessary measures to prevent damage or, if a violation has already been committed, to minimize economic damage. In addition, a company can thereby avoid damage to its reputation, which is important in the business world, or to its image.
Requirements for a whistleblowing system
Digital whistleblowing systems must comply with a wide range of legal, technical and organizational requirements:
The Directive first stipulates that personal data in a digital whistleblower system must be processed in accordance with the General Data Protection Regulation ("GDPR"). In this context, the specifications of the Conference of Independent Data Protection Authorities of the Federal Government and the Federal States on whistleblower systems must also be observed, among other things. Implementing the principles of legality, the rights of data subjects, documentation requirements, and technical and organizational measures is an essential component of a proper digital whistleblower system. In this context, the confidentiality of the identity of the whistleblower and of the third parties mentioned in a report must also be ensured, especially from a technical and organizational perspective. Unauthorized persons must not be able to access this information. Furthermore, it must be possible to submit reports anonymously, i.e., it must not be possible to identify the whistleblower.
In particular, the completeness and integrity of the information must also be guaranteed technically. Likewise, all reports must be documented in compliance with data protection law and confidentiality obligations in accordance with the Directive. The implementation of deletion specifications and concepts for personal data is an essential function of a legally compliant whistleblower system. Data that is obviously not relevant to the processing of a specific report or is no longer required for the purpose must always be deleted, unless other permissible circumstances justify further storage or processing of the data.
A digital whistleblower system should also support the company in the implementation of further compliance measures or, as the Directive states, "follow-up measures" after receipt of the report, and accompany these processes in a structured manner. The Directive requires not only the implementation of a whistleblower system, but also the establishment of procedures for internal reports and for follow-up measures. By "follow-up", the Directive means the measures taken by the company to verify the validity of the allegations made in the report, as well as internal inquiries, investigations, prosecutions or a conclusion of the proceedings.
The HINTBOX implements all legal, technical and organizational requirements for a digital whistleblower system. Our HINTBOX can protect your company from damage.
Try the HINTBOX today and get a free annual subscription.