Are you looking for an efficient reporting and whistleblowing system? Then you've come to the right place: our software solution comprises two different, cross-industry solutions that meet your requirements.
You can choose between a fully integrated reporting system in R2C_GRC with individual configurability or a cloud-based alternative that is ready for use from 50 employees and can be implemented quickly. Both solutions not only support your company in implementing the far-reaching requirements of the German Whistleblower Protection Act (HinSchG) in full and in compliance with the GDPR.
A whistleblower system or an "internal reporting office" is a communication concept that provides employees and other stakeholders of a company with confidential communication channels through which they can report misconduct and violations verbally or in text form and, if desired, in person.
In accordance with the German Whistleblower Protection Act (HinSchG), the confidential communication channels of a compliant whistleblower system must protect the identity of the whistleblower at all times - and thus meet the complex requirements of the GDPR:
- Establishment of an internal or external telephone number to enable verbal reporting by telephone or other voice transmission. In addition to constant availability, it must also be ensured that no unauthorized persons (such as the internal IT department) have access to the telephone line.
- Implementation of an internal e-mail address for reporting breaches in text form: Here too, it must be guaranteed that persons within the company who are not responsible do not gain any knowledge of the identity of the person making the report or the content of the report itself, for example by accessing the internal mail server.
However, it is not only the communication channels that are subject to high legal and data protection requirements. The persons tasked with operating the company's internal whistleblowing system must also meet defined criteria:
- The persons appointed must be independent in the performance of their duties. Although they may also work elsewhere in the company, it must be ensured that no conflicts of interest arise from these additional activities.
- The appointed persons must have the necessary expertise in dealing with whistleblowers, such as an (external) ombudsperson, trade union or employee representatives, consultants, lawyers, etc., who must be available at all times.
The Whistleblower Protection Act (HinSchG) transposes the EU Whistleblower Directive (EU) 2019/1937, which standardizes the protection of whistleblowers across the EU, into German law.
The primary objective of the German Whistleblower Protection Act (HinSchG) is to protect whistleblowers: It prohibits any reprisals and retaliation against natural persons who have obtained information about misconduct or violations in the course of their professional activities and pass this information on to an internal or external reporting office.
To ensure this protection, the German Whistleblower Protection Act contains comprehensive and far-reaching regulations that are mandatory for large parts of the economy as well as the public sector:
- Companies with 250 or more employees had to introduce secure whistleblower systems by July 2, 2023 that enable both employees and third parties from the environment to confidentially report substantiated suspicions, grievances or criminal offenses
- Companies with 50 - 249 employees have a transitional period until December 17, 2023 to implement a corresponding whistleblower system
- Public sector companies, municipalities with more than 10,000 inhabitants and cities were already required to offer whistleblowing systems from mid-June 2023
- Whistleblowers must be able to submit their report verbally or in writing and, if desired, in person
- A whistleblowing system must also enable anonymous reporting of violations while still ensuring communication and feedback with the whistleblower
- Compliance with processing deadlines: The internal reporting office must confirm receipt of the report to the whistleblower within seven days. The whistleblower must be informed of the status of the internal investigation, its findings and the measures taken within three months.
- Areas of law covered by the HinSchG: EU law and national law if it concerns offenses punishable by law (criminal offense) or fines (administrative offense) that endanger the protection of life, limb or health as well as the rights of employees.
- Companies must provide information about the competent supervisory authorities.
- Sanctions and fines: Companies and organizations that fall under the German Whistleblower Protection Act (HinSchG) and do not comply with their obligation to implement a whistleblower system or an internal reporting office can be sanctioned and fined up to 20,000 euros.
Whistleblowers are protected by the German Whistleblower Protection Act (HinSchG) if they report a number of violations as well as optimization tips. These include, for example, the following:
Violations and optimization suggestions that fall under the HinSchG across all industries:
- Violation of competition or antitrust law
- Tax incidents (tax compliance)
- Violation of accounting or bookkeeping regulations
- Violation of labor regulations
- Violation of health regulations
- Violations of other guidelines
- Harassment, bullying, verbal aggression
- Security incidents
- Data protection incidents
- Ideas or suggestions for improvement
- Violation of environmental regulations
- Risk reports
- IT security incidents
Misconduct and improvements covered by the HinSchG in the healthcare sector:
- CIRS reports (Critical Incidents)
- Data protection breaches
- Suggestions for improvement
- Idea management
- General damage reports
- Property damage
- Verbal aggression
- Falls & bedsores
- Stab and cut injuries
- Isolation reporting system
- Security incidents