Skip to content

System of whistleblowers’ protection

On December 17th, 2021, expires the deadline for implementation of the Directive (EU) 2019/1937 of the European Parliament and the Council of 23 October 2019 on the protection of persons who report breaches of Union law. The Polish act has not been adapted yet but a draft is available. There will be 14 days for implementation by entrepreneurs new obligations imposed by the act. The act requires i.a. implementation of whistleblowers’ protection system.

Who is whistleblower?

A definition of whistleblower is in the draft of the act very wide. According to it a whistleblower is a physical person who reports or publicly reveals information about law infringement, noticed in connection with work. It concerns an employee, but also a contractor and even a volunteer.

What infringements may be reported?

Pursuant to Article 3 of the draft of the act, whistleblowers may report acts or omissions not compliant with law or aiming at circumvention of law, in many areas of law including public tenders, prevention of money laundering and financing terrorism, environment protection or consumer protection. The scope is really very wide and entrepreneurs may additionally cover by the system of whistleblowers’ protection other, not mentioned in the act, areas.

Regulation on internal reporting

An employer employing more than 49 employees will be obliged to prepare and implement a regulation on internal reporting. The regulation should cover reporting infringements by employees. However, employer may extend the regulation to all categories of whistleblowers.

The regulation should determine i.a.:

  • internal entity entitled by the employer to receive reports;
  • methods of reporting;
  • organizationally independent entity authorized to take actions after the reporting, including verification of the report and communication with the whistleblower, including asking for additional information and giving responses to the whistleblower;
  • obligation of confirming to the whistleblower that his report was received, within 7 days after its reception;
  • maximum deadline for response to the whistleblower;
  • information about procedure of external reporting to public bodies and, when applicable, to institutions, bodies and entities of the European Union.

All reports and whistleblowers’ data should remain confidential.

Register of internal reporting

Apart from preparing and implementing the regulation on internal reporting, employer is also obliged to have a register of internal reporting (and at this occasion he is also a controller of personal data included in the register). Each internal reporting should be entered into the register. Data should be kept in the register 5 years from the date of reporting.

Prohibition of retaliation

No retaliation towards the whistleblower is allowed. In particular it is prohibited to resign from hiring the whistleblower, fire him, decrease his remuneration, refuse promotion or transfer to lower position.

Criminal liability

New act introduces criminal liability (even 3 years of imprisonment) for obstruction of reporting, retaliation towards whistleblower or not keeping confidentiality of the report or the whistleblower. Not establishing or improper establishing of internal reporting procedure is also endangered with criminal liability.

Tomasz Korolko

Partner

Back To Top