Data privacy considerations for implementing a whistleblowing hotline system in the EU
Is your hotline ready for GDPR?
While there is currently no legislative requirement to implement a hotline service in Europe, the United States Sarbanes-Oxley legislation has required European-based subsidiaries of US companies to also have hotlines and speak-up programmes.
A challenge for these companies, and for other European companies that want to implement a reporting service, is that they also need to comply with the European General Data Privacy Regulation (GDPR), whose operation is imminent and which places restrictions on information gathered through hotlines. This, combined with the cultural aversion to denunciations and the difficulty in ensuring that data privacy considerations are taken into account, means that there is a long way to go before hotline services are a standard component of EU compliance programmes.
That notwithstanding, many global companies have opted to ensure that their hotlines (or ‘whistleblowing programmes’) are available to their employees worldwide.
This whitepaper addresses some key points to consider when implementing a hotline in Europe.