A Comprehensive Guide to the New Whistleblower Law
Since 17 December 2021, Sweden has a new whistleblower law in place.
The law is based on the EU's whistleblower directive. The difference from previous legislation is that there are now requirements for how reporting should be done. Let’s dig deeper into what that means for your company.
What is whistleblowing?
Whistleblowing is a term used to describe when an individual reports, discloses, reveals or publicizes any kind of information or activity that is deemed illegal, unethical, or not accurate within an organization. Whistle-blowing not only helps protect public interest, but it also creates a culture of trust and accountability in organizations.
Which Companies Are Impacted?
The very basis of the legislation, as well as that which already exists, is grounded in a fundamental right of every individual to be protected when they act as whistleblowers. No matter the size of a company, this protection must be maintained to ensure that all employees can feel secure in their rights.
Exploring the Details of the New Whistleblowing Law
The very foundation of the new legislation is the protection of every individual who takes on the role of a whistleblower. No one should ever have to worry about losing their job or salary because they report misconduct. In summary:
- Protection for the individual has been strengthened
- Whistleblowers should be able to exercise their right to speak out against unethical, illegal or dangerous activities without fear of reprisal.
- Whistleblowers should not be held accountable for breaching their duty of confidentiality when they report serious misconduct
- Whistleblowers will be subject to the most stringent level of confidentiality
- More people should be able to blow the whistle
For companies, in practice this will require a comprehensive analysis of their current whistleblowing processes, followed by appropriate updates. In order for a company to effectively do this, it is essential to have systems in place that are both comprehensive and clear.
Free Whistleblower Service
Protect your business with a secure and anonymous whistleblower feature developed in accordance with the EU's whistleblower directive and GDPR.
- Secure
- Anonymous
- Included in our free package
What Can Be Reported?
What can be reported is not much different than it was before. The goal of the new legislation is not to increase the number of whistle-blowers, but rather to protect those who do choose to speak.
Things that can be reported:
- all offenses against EU legislation
- misconduct where there is a public interest in the information coming to light
The requirement of public interest is aimed at the misconduct itself, not the activity in question. It is not enough for a company to be well known in order to establish and define what is truly in the public interest.
Examples:
- Public procurement not done according to regulations
- Money laundering
- Terrorism
- Product and food safety
These are all examples of cases where whistleblowing can occur. One specific case could be about exposing inappropriate, unethical, or illegal use of tax money. Another case could occur when a product is manufactured with illegal chemicals that is not presented in the list of contents.
What Should Not Be Reported?
Events that affect an individual’s work situation are often mistaken as a valid reason for whistleblowing. However, these cases are rarely investigated further.
Instead, the HR department is often responsible for those kinds of situations. It’s easy to think they are of public interest, but the fact is – they are not. Also, in Sweden we have extensive labor and work environment laws that are designed to ensure the safety, health, and well-being of all employees. In a lot of situations, it is enough to report an issue internally and refer to the existing labor legislation.
Who Should Be Able to Blow the Whistle?
Here, we need to distinguish between who is covered by whistle-blowing protection, and who should have access to the internal reporting channel. We start with those covered by the protection:
- Employees, consultants, self-employed persons, interns, volunteers, persons who are part of any form of management or supervisory body, shareholders, job candidates and former employees are covered by whistle-blowing protection.
Those who must have access to an internal reporting channel in the business are:
- People who is working for, or at, the company today.
Key Differences Between Internal and External Reporting
Internal reporting is the reporting that the company is responsible for handling. Employees should be able to report misconduct internally and the company is obligated to assess, investigate and manage each case.
External reporting is handled by designated authorities. The authorities are responsible for making sure people can report misconduct externally regarding areas in which they operate. Different authorities are responsible for different areas.
Do You Need System Support for Whistleblowing?
The law does not state that companies need system support for whistle blowing. However, given all the demands on feedback, documentation, storing and safety, it is hard to see the practical and financial gain from handling whistleblowing processes manually.
How Should the System be Designed?
The system should enable written and vocal reporting. You will find great value in investing in a smooth user experience as well. Also, the safety level needs to be extensive.
No System Support? This is what you can do
A system support for whistleblowing can meet practically all demands stated in the new whistleblower law, is often easy to implement and keeps the safety level high at all times. But there are other options. For example, you can choose to have a dedicated email address or telephone number that you share with everyone in the organization.
Who Should Be Responsible For Handling Whistle Blowing Processes?
Once your system for reporting misconduct and irregularities is in place, you need to make sure that these matters are handled properly. The company must carefully consider and assess which members or subgroups of the organization are best suited to handle the reported matters. The persons or departments responsible for handling whistleblower matters must be independent and self-sufficient vis-à-vis the employer.
The responsibility often lands on the HR department. It is also common that the Compliance department or a quality function handles whistleblowing-related matters.
Documentation and Storage
Every whistleblower case must be documented safely. The procedures for how whistle-blowing works at the company must also be written down in a clear way for everyone concerned. The reports that document the cases should be saved as long as necessary, but for a maximum of two years.
GDPR applies, but there is no legal requirement that people should be able to whistleblow anonymously. A good rule of thumb is that only those who handle whistleblower cases should have access to the information gathered from whistleblowing.
How to Get Started
To get started, try using these three steps – they will help you get ready to meet the legal requirements:
- Discover the Needs
What needs does your business have? Do you have a whistleblowing channel up and running today? Does it meet the requirements? Do you use system support? Do you need to comply with other laws and regulations in your business?
- Plan Your New Process
What technical support is needed? Which people and roles should be responsible for the process? Who assesses which measures are required? Do you need external help? How will you handle documentation and storage?
- Implement
Inform all people in the organization about the company’s whistleblowing process and make sure everyone knows the routines.
Work on the business culture and make employees feel safe reporting when they have the need to. After all, that is the purpose of the updated legislation.
Try Hailey's Whistleblower Feature For Free Today
Hailey’s system offers a whistleblower feature that is free of charge for all users.
The system provides your organization with a link to a page where reporting can easily be done. The administrator chooses who is in charge of handling reported incidents. Then, the person in charge can easily see and respond to incoming messages directly in the platform.
Getting Started
There is a simple three-step model that you can follow to get started and become prepared to meet the new legal requirements.
- Assess the Needs
What are the needs of your organization? Do you have a whistleblowing channel in place today? How does it measure up to the new requirements? Are you using a system for support? Do you need to comply with other laws and regulations specific to your business?
- Plan Your New Process
What technical support is required? Which individuals and roles should be responsible for the process? Who will assess the necessary actions? Do you need to hire external assistance? How should you document your procedures?
- Implement
Inform everyone in the organization about the new requirements and ensure that everyone has access to the procedures.
Also, start working on creating an open culture and making employees feel comfortable reporting. After all, that's the whole purpose of the new legislation.
Get Started for Free
In Hailey, we offer a whistleblower function that you can set up and get started with completely free of charge.
The system provides your organization with a link to a page where whistleblower cases can be easily and smoothly reported. As an administrator, you choose who will handle incoming cases. You're able to view and respond to incoming cases directly within the platform.