EU Whistleblowing Directive – Greece

Whistleblowers protection already in place

Before the introduction of the Directive

Greece doesn’t have any legal framework in place concerning whistleblowing and protection against retaliation. 

Current implementation status

Greece has adopted a new whistleblower protection law in November 2022.

Organizations with more than 249 employees have until the 11 May, 2023, to implement internal whistleblowing channels and comply with the new requirements of the Greek law.

Companies with 50 to 249 employees have until 17 December 2023.

New Requirements

The new law will primarily affect companies with 50 or more employees, as well as companies operating in financial sector services, products and markets, transport sector and environment sector regardless of the number of employees. 

They will be obligated to set up internal reporting channels to enable reporting of EU law violations, protect the confidentiality of the whistleblowers’ identity and ensure that whistleblowers are protected against retaliation.

Obligations for private sector companies

All concerned organizations, either with more than 50 employees or that are in the sectors listing above, must appoint an Officer to receive and follow up on reports from whistleblowers.

The Officer can be an employee or a third-party, and must ensure the confidentiality of the whistleblower’s identity.

The reports can be made in writing, verbally, or through a digital platform that is accessible to all, including people with disabilities. Additionally, the company must keep a record of each report, including those made verbally.

Once an Officer has been appointed and the Labour Inspectorate or the competent supervisory authority has been notified within 2 months as of the appointement, a whistleblowing policy must be drafted and implemented.

Additionally, employees and other individuals who may be affected about the presence of a whistleblowing system and the handling of personal information in relation to it must be informed.

Personal data and anonymity

Anonymous reporting is allowed, and anonymous whistleblowers will be protected if they are identified at a later stage and if retaliation measures are applicable. The company must also protect the personal data of the whistleblower and any third parties mentioned in the report by implementing appropriate measures (i.e. pseudonymisation during the reporting process and follow-up communications). Generally, any processing activity in the context of the internal reporting channel, must be in compliance with General Data Protection Regulation (EU) 2016/679 (“GDPR”) and Law 4624/2019, which supplements the GDPR in the Greek legal framework.

Get a Head Start 

Having a flexible platform that can adapt to any legislation and regulations can give you a great head start. With Whispli, you can build up your solution according to your current needs, and modify it at any time. 

You can start by complying to the minimum requirement of the EU Directive today and adjust to your local legislation later. 

Get in touch with one of our expert and get a guided demo to see how Whispli can help your Organization to comply with the Directive.