Whistleblowers protection already in place
Before the introduction of the Directive
Greece doesn’t have any legal framework in place concerning whistleblowing and protection against retaliation.
Current implementation status
Greece has adopted a new whistleblower protection law in November 2022.
Organizations with more than 249 employees have until the 11 May, 2023, to implement internal whistleblowing channels and comply with the new requirements of the Greek law.
Companies with 50 to 249 employees have until 17 December 2023.
The new law will primarily affect companies with 50 or more employees, as well as companies operating in financial sector services, products and markets, transport sector and environment sector regardless of the number of employees.
They will be obligated to set up internal reporting channels to enable reporting of EU law violations, protect the confidentiality of the whistleblowers’ identity and ensure that whistleblowers are protected against retaliation.
Obligations for private sector companies
All concerned organizations, either with more than 50 employees or that are in the sectors listing above, must appoint an Officer to receive and follow up on reports from whistleblowers.
The Officer can be an employee or a third-party, and must ensure the confidentiality of the whistleblower’s identity.
The reports can be made in writing, verbally, or through a digital platform that is accessible to all, including people with disabilities. Additionally, the company must keep a record of each report, including those made verbally.
Once an Officer has been appointed and the Labour Inspectorate or the competent supervisory authority has been notified within 2 months as of the appointement, a whistleblowing policy must be drafted and implemented.
Additionally, employees and other individuals who may be affected about the presence of a whistleblowing system and the handling of personal information in relation to it must be informed.
Personal data and anonymity
Anonymous reporting is allowed, and anonymous whistleblowers will be protected if they are identified at a later stage and if retaliation measures are applicable. The company must also protect the personal data of the whistleblower and any third parties mentioned in the report by implementing appropriate measures (i.e. pseudonymisation during the reporting process and follow-up communications). Generally, any processing activity in the context of the internal reporting channel, must be in compliance with General Data Protection Regulation (EU) 2016/679 (“GDPR”) and Law 4624/2019, which supplements the GDPR in the Greek legal framework.
Get a Head Start
Having a flexible platform that can adapt to any legislation and regulations can give you a great head start. With Whispli, you can build up your solution according to your current needs, and modify it at any time.
You can start by complying to the minimum requirement of the EU Directive today and adjust to your local legislation later.
Get in touch with one of our expert and get a guided demo to see how Whispli can help your Organization to comply with the Directive.
You're in Good Company
Whispli is an award-winning platform recommended by partners and clients alikeRead our Latest Customer Success Story: VodafoneZiggo
"Whispli is hands down the most watertight way to catch and manage wrongdoing in your organization. If you're not using it, then you're not serious about preventing fraud or corruption."
Group Risk & Compliance Manager, Topshop Topman
"I have had the opportunity to implement this type of tool in the past and this is the first time I have worked with a partner who knows how to turn this sensitive subject into an opportunity. The platform is clear, modern and easy to use."
Chief Compliance Officer, Auchan Retail
"Exceptional Client Service. Whispli product and customer success teams are its biggest asset. They are flexible, always available for support and ready to stretch beyond their roles to help the clients."
Senior Associate, Ernst & Young