On May 12, 2023, Germany voted its transposition of the EU Whistleblowing Directive into national law: the new German Whistleblower Protection Act, also known as Hinweisgerberschutzgesetz or HinSchG.
Implementing this new whistleblowing law brings forth a transformative era for organisations operating in Germany. The HinSchG is strengthening whistleblowers' protection and clarifying Germany’s legal framework for whistleblowing.
With a new set of requirements for organisations, this law also addresses the risk of reputational damage to companies and public authorities. The law establishes incentives to favour internal reporting channels and allows public disclosure as a secondary option, only under specific conditions. Therefore, the new German Whistleblower Protection Act explicitly highlights the importance of a robust internal whistleblowing system for organisations.
Key elements of the German Whistleblower Protection Act (Hinweisgerberschutzgesetz) for organisations
Establishing internal reporting channels allowing both oral and written reporting methods
For every organisation with more than 50 employees, an internal reporting system must be set up to allow reports from whistleblowers.
With this requirement, the HinSchG is pushing for the modernisation of whistleblowing systems in organisations. Indeed, “traditional” reporting systems such as a simple email address, or a unique telephone number become outdated and are not sufficient to comply with the new law: now, you need to be equipped to receive reports in several formats.
Dealing with incoming reports in multiple formats (in text, through a form, by phone, by voice recording, ...) represents a new organisational challenge for organisations. Having a whistleblowing system able to centralise all data in one place will give you comprehensive metrics and data that are essential to reporting on the success of the whistleblowing program to management.
In order to keep all reports within the same secure environment, your best option is to opt for a digital whistleblowing platform, with a digital whistleblowing hotline directly integrated into the platform.
Implementing a digital hotline to ensure compliance and leverage your whistleblowing program
When we talk about whistleblowing hotlines, "traditional" solutions are not designed to be integrated within an organisation. Usually, they're functioning as separate and disconnected tools. In addition, they require dedicated staff, usually outsourced to call centre companies. This bears a significant additional cost, requires training and regular checks on the quality of the service.
With the HinSchG, you need to be able to manage the reports received orally (through a hotline for instance) and in text form with the same obligations. If you already have a whistleblowing platform in place, this could mean adding an additional reporting channel, and double the work for Compliance Officers and all the people managing it.
To comply with this requirement, using a digital tool (SaaS) offers a major advantage: simply integrate a digital whistleblowing hotline into your whistleblowing platform. You can then centralise and manage cases on a single platform, no matter how the reports were disclosed.
In addition to your digital whistleblowing hotline, employees can also choose to send their report through a web form, an email address, or a mobile app: each user can choose the reporting channel they're the most comfortable with, and case management is harmonised and consistent. According to the HinSchG, you also guarantee the required level of confidentiality and facilitate continued communications in each case.
.png)
Ensuring data security, confidentiality, and handling anonymity
Germany's specific history, including the experiences of authoritarian regimes and surveillance, has shaped its approach to whistleblowing. There is an increased emphasis on protecting whistleblowers' anonymity and ensuring their safety, given the potential risks associated with reporting misconduct or corruption.
For now, there's no explicit obligation from the HinSchG to implement specific channels for anonymous reporting. But anonymous reports should still be received and processed.
However, this has been one of the significant changes introduced in the legislative process: organisations will be required to process anonymous reports and establish dedicated reporting channels to facilitate anonymous contact and communication with the internal reporting system. These anonymous reports are subject to the same formal requirements (such as the confirmation of receipt within seven days) as non-anonymous reports. This requirement surpasses the previous guidelines and initial government drafts, which left the decision of allowing anonymous reporting to the discretion of companies. While the obligation to process anonymous reports and provide dedicated channels imposes additional efforts on companies, there is a transitional period until January 1, 2025, before full compliance is required (Section 42(2) of the Whistleblower Protection Act).
The legislator emphasises that the internal reporting channel must process all incoming anonymous reports, regardless of the chosen reporting method.
Working hand in hand with your organisation's work council
Getting approval and establishing internal reporting channels
In Germany, organisations face requirements imposed by both their work councils and the new German Whistleblower Protection Act (HinSchG) when it comes to implementing whistleblowing systems.
The involvement of work councils is a distinctive feature of the German legal framework. As per the Works Constitution Act (BetrVG), organisations with work councils must allow employees to lodge complaints with them, ensuring protection against discrimination. However, the EU Whistleblowing Directive emphasises complete anonymity, which may not always be guaranteed through the work council route. On the other hand, the HinSchG sets out specific requirements for organisations, such as establishing internal reporting channels allowing several report formats and ensuring data security.
When introducing or modifying whistleblowing systems, employers will likely need to involve the work council. By considering the requirements of both the work councils and the HinSchG, organisations can ensure compliance and effective implementation of comprehensive whistleblowing systems.
Creating incentives and fostering a Speak Up culture
With the implementation of the HinSchG, there’s no priority for internal reporting channels. It’s up to the organisations to create the incentives to promote their internal whistleblowing platform, thus minimising the risk of facing the devastating consequences public whistleblowing can have for them.
The new challenge for organisations is clear: making the internal reporting channel attractive and effective.
Involving your work council in creating these incentives will reinforce the trust of employees in your whistleblowing platform, putting their interest first.
Conclusion
While the German Whistleblower Protection Act brings forth new challenges for organisations and compliance officers, adopting practical solutions can help navigate these requirements effectively.
By implementing a comprehensive reporting system that accommodates oral and written reporting, ensures data security and confidentiality, and addresses anonymity concerns, organisations can demonstrate their commitment to compliance while fostering a culture of transparency and accountability.
Embracing these practical steps empowers organisations to meet legal obligations, protect whistleblowers, and create a safe reporting environment that benefits both employees and the organisation as a whole.
%201.avif)
%201%20(2).avif)
%201%20(1).avif)
