1. Channels for receiving the reports, which are designed, set up and operated in a secure manner that ensures the confidentiality of the identity of the whistleblower and any third party mentioned in the report, and prevents access to non-authorised staff members. Such channels must allow for reporting in writing and/or orally, by telephone or other voice messaging systems, and upon the request of the whistleblower, via a physical meeting within a reasonable timeframe.
The WhistleB whistleblowing system allows the whistleblower to remain confidential throughout the entire process. The WhistleB system guarantees full technical anonymity of the whistleblower during reporting and follow-up. All communication is end-to-end encrypted.
2. An acknowledgment of receipt of the report must be provided to the whistleblower within no more than seven days of receipt.
The WhistleB system allows for confirmation to be provided to the whistleblower within 7 days.
3. The designation of an impartial person or department for following up on the reports, and maintaining communication, asking for further information and providing feedback to the whistleblower.
The WhistleB Case management tool is designed to ensure that users manage cases according to the Directive, from offering the service to reception, investigation, closing, archiving and deleting a case.
4. Record keeping of every report received, in compliance with the confidentiality requirements.
The WhistleB system includes Activity and User logs for secure record keeping of all stages of case management.
5. Diligent follow-up of the report by the designated person or department, also anonymous reporting, where provided for in national law.
WhistleB Resource Centre provides relevant information on national legal requirements.
6. A reasonable timeframe for providing feedback to the whistleblower about the report follow-up, within three months of the acknowledgment of receipt.
The WhistleB system allows feedback to be provided to the whistleblower within 3 months of investigation.
7. Clear and easily accessible information regarding the conditions and procedures for reporting externally to competent authorities.
Once confirmed by each member state, information will be available in the WhistleB Resource Centre.
8. GDPR compliant processing. The WhistleB system enables users to comply with the GDPR requirements for the handling of personal data, as well as protection by default and by design.
The system is heavily encrypted, and all data is stored in safe servers located in the EU. Access to data is only possible by individuals appointed by the customer.