Data privacy considerations for implementing a whistleblowing hotline in the EU
Is your whistleblowing hotline ready for the GDPR?
While there is currently no legislative requirement to implement a hotline service in Europe, the United States Sarbanes-Oxley legislation has required European-based subsidiaries of US companies to also have hotlines and speak-up programmes.
A challenge for these companies, and for other European companies that want to implement a reporting service, is that they also need to comply with the European General Data Privacy Regulation (GDPR), which is about to come into operation and places restrictions on information gathered through hotlines. This, combined with the cultural aversion to denunciations and the difficulty in ensuring that data privacy considerations are taken into account, means that there is a long way to go before hotline services are a standard component of EU compliance programmes.
This whitepaper includes steps and considerations for implementing a hotline service in the EU.