What is a whistleblower system?

Comprehensive information about whistleblower software and its importance

With the EU Whistleblower Protection Directive entering into force on December 16, 2019, the topics of "whistleblower protection" and "whistleblower system" have increasingly become the focus of public attention. The EU Whistleblower Directive does not only affect large corporations or banks: all companies employing 50 people  with 50 employees or more will be obliged obligated to establish internal reporting channels, or so-called whistleblower systems, as will towns and municipalities with populations of 10,000 people or more.

Whistleblowers – for example, employees of a company or organisation, suppliers or a town's citizens– can use a whistleblowing system to report information anonymously about such as abuse or breache of regulations that they have observed - without fear of negative consequences. Whistleblowers do not have to fear dismissal, discrimination in the workplace, intimidation or transfer.

The pros of a whistleblower system:



Providing a secure way for companies and organisations to report breaches, misconduct or potential risks helps to detect and resolve wrongdoing or irregular behaviour at an early stage before any major damage is done.


Whistleblower systems offer the chance to create a transparent and value-based corporate and work culture, ideally shared by all employees and managers, rather than being seen as a "necessary evil" of compliance.


In the event of a breach, high financial costs and reputational damage can be averted, while at the same time misconduct can be prevented.


If the chance to submit reports anonymously exists, the trust and willingness to share critical knowledge internally and to work through problems increases.


What whistleblower systems exist?

There are a variety of different solutions available:



At first glance, all the systems listed above are capable of guaranteeing confidential reporting. On closer inspection, however, differences become apparent: thus, although a letter can be sent easily from almost anywhere in the world, it does not always reach the person responsible. If internal reports are written anonymously, this blocks the ability to communicate to ask questions in order to clarify the incident described.

Voice-based whistleblower systems

A voice-based solution represents another communication channel, either in the form of a human-operated application or as an answering machine system. However, in order to be able to provide around-the-clock availability, sometimes in several languages, a high level of staffing is required, which goes together with corresponding costs. In the case of answering machine systems, however, no questions can be asked. In addition, there is always a delay in responding to a message. Moreover, isolated solutions enjoy little confidence when it comes to preserving the anonymity of the identity of the person making the report. However, a voice-based solution makes sense as an additional channel if a whistleblower cannot or does not want to use the Internet.


Another reliable way to make a report is to have an internal or external ombudsperson, who is usually a lawyer, as a point of contact. In this way, during the conversation, not only is it possible to focus on the main issues at hand, the plausibility and credibility of the internal information can also be verified. Unfortunately, a reporting system involving ombudspersons naturally only offers limited accessibility in terms of time and location, and the language coverage is usually limited as well. For this reason, ombudspersons are mostly used in a regional context or in combination with other reporting channels.

Best practice: web-based whistleblower systems

Web-based applications are able to flexibly map all the requirements of a whistleblower system which the Whistleblower Directive now also requires.

For example, if required, a whistleblower system can also be combined with an ombudsperson or a voice-based solution. A system of this type also offers a global reporting system in any existing language at any time of day or night. However, major differences exist in the security of the various applications.

When selecting an appropriate whistleblower system, care should be taken to ensure that a certified and auditable system is chosen that meets security and data protection requirements. In order to guarantee the highest possible level of protection for the personal and report-related data collected and the anonymity of the identity of the person making the report, best practice systems are systems that apply special encryption techniques as standalone applications and at the same time offer confidential communication between the person processing the report and the whistleblower over a digital mailbox function without revealing the identity of the person making the report.

Read the 'Best practice guide'!

Ten criteria for a successful whistleblower system




If a whistleblower submits a report, personal data is processed at the same time. For this reason, web-based systems need to meet the most stringent requirements for the protection and security of this data, from the moment the information is recorded to its ultimate deletion.  If a whistleblower submits a report, personal data is processed at the same time. For this reason, web-based systems need to meet the most stringent requirements for the protection and security of this data, from the moment the information is recorded to its ultimate deletion.  



Data storage on protected servers in Germany or the EU is advisable in any case, not least because of the Privacy Shield Agreement between the EU and the USA, which has been declared ineffective. In addition, third parties, including the whistleblower system vendor, should never have access to the data.



The option of being able to report anonymously if required lowers the inhibition threshold on the part of the whistleblower and increases the acceptance and success of a reporting system. At the same time, a dialogue between the whistleblower and the company investigator is important to be able the efficiently resolve a case. The confidential exchange can take place and the identity of the whistleblower can be protected at the same time using special encryption technologies and a mailbox function.



Depending on its design, a web-based reporting system will be able to receive information in a wide variety of languages. This is an important criterion, especially for companies that are active on an international basis, in order to allow whistleblowers to submit reports in their own native language and hence to keep the inhibition threshold as low as possible. With the help of a translation function, the reports received can be transferred into the language of the respective party processing the report.



Regular security and penetration tests undertaken by independent IT experts are an important quality feature in any whistleblower software. GDPR-compliant data protection certifications also serve as an indication of the security of such an application. 



When using an internal reporting channel internationally, the data protection requirements of the specific country and the legal regulations in force there need to be taken into account. For example, anonymous reporting on certain subjects are not permitted in some countries. Specific requirements of this nature can therefore be mapped well with a web-based solution.



Linking case processing to the whistleblower system allows the results and measures in the processing chain to be recorded and evaluated from different sources. At the same time, reports and statistics serve to document cases in a legally compliant and audit-proof manner and convey relevant information to the compliance department and company management.



Modern web-based whistleblower systems are modular in design and allow information from different sources to be collected and processed. In this way, they can be used as part of a company's compliance management, for example in combination with a voice-based solution and/or an ombudsperson.



In order to protect against indiscriminate reporting and misuse, priorities in terms of topics that are specific to the company need to be defined.



An enormous advantage of digital reporting systems is the permanent availability they provide for reporting rule violations, both nationally and worldwide.

Are you planning to introduce a whistleblower system at your company? Then arrange for a software demo today and get to know our BKMS® Incident Reporting software better:


Start your demo now

Privacy Settings


Paramètres de confidentialité

Configuración de privacidad

Configurações de privacidade

Impostazioni sulla privacy

Ustawienia prywatności

Nastavení ochrany osobních údajů

Nastavenia ochrany osobných údajov

On our website we use cookies that are necessary for technical reasons, for example to save your cookie settings and, after you have provided your consent, also marketing cookies, which help us to improve our web presence and implement advertising campaigns.

In this regard, we also use technology by third-party providers (Google, LinkedIn, Microsoft), with which data processing in the USA, where there is no adequate level of data protection, cannot be excluded. IP address data is anonymised by abbreviation.

Your consent is provided on a voluntary basis and may be revoked at any time. Please note that this information applies only to our company website. In order to guarantee absolute confidentiality, we still do not use third-party provider cookies or other marketing technologies in the BKMS® Compliance System.

You can find more information in the data protection policy.

Auf unserer Webseite verwenden wir technisch notwendige Cookies, etwa zur Speicherung Ihrer Cookie-Einstellungen und, nach Ihrer Einwilligung, auch Marketing Cookies, die uns helfen, unseren Internetauftritt zu verbessern sowie Werbekampagnen durchzuführen.

Dabei nutzen wir auch Technologien von Drittanbietern (Google, LinkedIn, Microsoft), bei denen eine Datenverarbeitung in den USA, wo kein angemessenes Datenschutzniveau gewährleistet ist, nicht ausgeschlossen werden kann. IP-Adressdaten werden durch Kürzung anonymisiert.

Ihre Einwilligung ist freiwillig und jeder Zeit widerrufbar. Bitte beachten Sie, dass dieser Hinweis nur für unsere Unternehmenswebseite gilt. Zur Gewährleistung absoluter Vertraulichkeit verwenden wir im BKMS® Compliance System weiterhin weder Drittanbieter-Cookies noch sonstige Marketing Technologien.

Weitere Informationen finden Sie im Datenschutzhinweis.

Sur notre site web, nous utilisons des cookies techniquement nécessaires par exemple pour enregistrer vos réglages en matière de cookies et, après avoir reçu votre consentement, également des cookies de marketing qui nous aident à améliorer notre présence sur Internet et à réaliser des campagnes publicitaires.

Nous utilisons aussi des technologies de fournisseurs tiers (Google, LinkedIn, Microsoft) au cours de l’emploi desquelles ne peut être exclu un traitement des données aux États-Unis, pays où aucun niveau raisonnable de protection des données n’est garanti. Les données d’adresse IP sont tronquées pour les anonymiser.

Votre consentement est facultatif et révocable à tout moment. Veuillez noter que cette remarque ne vaut que pour notre site web d’entreprise. Pour garantir une confidentialité absolue et comme par le passé, nous n’utilisons dans le BKMS® Compliance System ni cookies de tiers ni technologies de marketing diverses.

Vous trouverez d’autres informations dans l’avis relatif à la protection des données.

En nuestra página web utilizamos cookies técnicamente necesarias, como las que se usan para almacenar sus ajustes de cookies, y, tras recabar su consentimiento, utilizamos también cookies de marketing que nos ayudan a mejorar nuestro sitio web y a llevar a cabo campañas publicitarias.

Para ello, hacemos uso también de tecnologías de terceros (Google, LinkedIn, Microsoft), en cuyo caso no se puede descartar que el tratamiento de datos se lleve a cabo en los EE. UU., donde no se garantiza un nivel adecuado de protección de datos. Los datos de las direcciones IP se anonimizan mediante acortamiento.

Su consentimiento es voluntario y puede ser revocado en cualquier momento. Tenga en cuenta que este aviso solo es de aplicación para la página web de nuestra empresa. Para garantizar una confidencialidad absoluta, en el BKMS® Compliance System no utilizamos cookies de terceros ni otras tecnologías de marketing.

Puede encontrar más información en el aviso de protección de datos.

Na nossa página de internet, utilizamos cookies necessários do ponto de vista técnico, por exemplo, para o armazenamento das suas definições de cookies e, após a sua autorização, também cookies de marketing que nos ajudam a melhorar a nossa presença na internet , bem como a realizar campanhas publicitárias.

No processo utilizamos também tecnologias de outros fornecedores (Google, LinkedIn, Microsoft), nos quais não é possível excluir um tratamento de dados nos EUA, onde não é garantido um nível de proteção de dados adequado. Os dados do endereço IP são anonimizados através de redução.

A sua autorização é voluntária e revogável em qualquer altura. Por favor, tenha em consideração que esta mensagem só é válida para a página de internet da nossa empresa. Para garantir absoluta confidencialidade, continuaremos a não utilizar no BKMS® Compliance System nem cookies de outros fornecedores nem outras tecnologias de marketing.

Encontrará mais informações no aviso relativo à proteção de dados

Sul nostro sito web utilizziamo cookie necessari dal punto di vista tecnico, ad esempio per salvare le impostazioni dei cookie e, se l'utente ha fornito il suo consenso, utilizziamo anche cookie di marketing che ci aiutano a migliorare il nostro sito web e realizzare campagne pubblicitarie.

A tale scopo, utilizziamo anche tecnologie di terze parti (Google, LinkedIn, Microsoft) per le quali non è possibile escludere il trattamento dei dati negli Stati Uniti, dove non è garantito un livello adeguato di protezione dei dati. I dati dell'indirizzo IP vengono resi anonimi mediante abbreviazione.

Il consenso dell'utente è volontario e revocabile in qualsiasi momento. Questo avviso si applica solo al nostro sito web aziendale. Per garantire la massima riservatezza, non utilizziamo nel BKMS® Compliance System né cookie di terze parti né altre tecnologie di marketing.

Maggiori informazioni sono disponibili nell'informativa sulla protezione dei dati.

Na naszej stronie wykorzystujemy niezbędne technicznie pliki cookie, np. do zapisywania ustawień cookie, oraz – po wyrażeniu zgody, również cookie marketingowe pomagające nam ulepszać naszą witrynę internetową oraz prowadzić kampanie reklamowe.

Wykorzystujemy przy tym również technologie od dostawców zewnętrznych (Google, LinkedIn, Microsoft), w przypadku których nie można wykluczyć przetwarzania danych na terenie USA, gdzie nie jest zapewniony dostatecznie wysoki poziom ochrony danych. Adresy IP są anonimizowane poprzez skrócenie.

Udzielana zgoda jest dobrowolna i można ją odwołać w dowolnym momencie. Prosimy pamiętać, że ta informacja dotyczy całej naszej strony. Dla zapewnienia pełnej poufności w BKMS® Compliance System nadal nie stosujemy plików cookie dostawców zewnętrznych ani innych technologii marketingowych.

Więcej informacji można znaleźć w informacji o ochronie danych.

Na našich webových stránkách používáme technicky nezbytné soubory cookie, například k uložení vašeho nastavení souborů cookie, a s vaším souhlasem také marketingové soubory cookie, které nám pomáhají vylepšovat naše webové stránky a provádět reklamní kampaně.

Při tom používáme technologie třetích stran (Google, LinkedIn, Microsoft), u nichž nelze vyloučit zpracování dat v USA, kde není zaručena adekvátní úroveň ochrany dat. Data IP adresy jsou anonymizována zkrácením.

Váš souhlas je dobrovolný a můžete jej kdykoli odvolat s účinkem do budoucna. Vezměte prosím na vědomí, že toto upozornění se vztahuje pouze na webové stránky naší firmy. Abychom zajistili absolutní důvěrnost, v systému BKMS® Compliance System nadále nepoužíváme žádné soubory cookie třetích stran ani jiné marketingové technologie.

Další informace naleznete v informacích k ochraně dat.

Používame technicky potrebné súbory cookies, napríklad na úschovu vašich nastavení cookie, a s vašim súhlasom tiež marketingové súbory cookies, ktoré nám pomáhajú zlepšovať našu webovú stránku a uskutočňovať reklamné kampane.

Používame tiež technológie od tretích strán (Google, LinkedIn, Microsoft), pre ktoré nemožno vylúčiť spracovanie údajov v USA, kde nie je zaručená primeraná úroveň ochrany údajov. Údaje IP adresy sú anonymizované skrátením.

Váš súhlas je dobrovoľný a je možné ho kedykoľvek odvolať. Upozorňujeme, že toto oznámenie sa týka iba webových stránok našej spoločnosti. Aby sme zaistili absolútnu dôvernosť, v BKMS® Compliance System naďalej nepoužívame súbory cookies tretích strán ani iné marketingové technológie.

Ďalšie informácie nájdete v oznámení o ochrane osobných údajov.

Show detailed settings Ausführliche Einstellungen anzeigen Montrer des paramètres détaillés Mostrar configuración detallada Apresentar configurações detalhadas Mostra le impostazioni dettagliate Pokaż szczegółowe ustawienia Zobrazit podrobná nastavení Zobraziť podrobné nastavenia Hide detailed settings Detaileinstellungen ausblenden Cacher les paramètres détaillés Ocultar los ajustes detallados Apresentar configurações detalhadas Nascondi le impostazioni dettagliate Ukryj szczegółowe ustawienia Ukryj szczegółowe ustawienia Ukryj szczegółowe ustawienia