Kristian Krannich

Business Keeper AG

EU Whistleblowing Directive

What you need to know and when you need to act

Whistleblowers are vital for maintaining an open and transparent society, as they expose misconduct or hidden threats. To ensure that they are better protected against negative consequences, EU Directive 2019/1937 on the protection of whistleblowers came into force on 16 December 2019. EU member states now have until 2021 to incorporate the directive into their own national laws.

The goals of the EU Whistleblowing Directive are:

§ To detect and prevent misconduct and breaches of laws and regulations,

§ Improve law enforcement by establishing effective, confidential and secure reporting channels to effectively protect whistleblowers from fear of retaliation,

§ To protect and enable whistleblowers by helping them to raise concerns confidently without fear of retaliation, including anonymity where required.

Download checklist

Are you also affected by the EU Whistleblowing Directive?

Companies with 50 or more employees or with annual revenue over 10 million euros, public institutions as well as local authorities of 10,000 inhabitants or more must provide secure internal reporting channels. Reports can be submitted in writing via an online system, by post and/or orally by telephone or voice messaging system. The following aspects must be taken into account:

  • Provide anonymity and information security

    For all reporting channels, the identity of the whistleblower must be protected. All data must be handled in accordance with the GDPR.


  • Who should handle the report on breaches?

    This could be the head of the compliance or human resources department, a compliance officer, a lawyer, a data protection officer, internal audit or a member of the board.

  • Internal or public reporting channels

    If internal reporting channels should not be implemented, it should be clear that whistleblowers will only be able to report to the public authorities or media according to the EU Whisleblower Directive - with incalculable risks for the organisations.

  • What happens after a report?

    Since all reports need to be documented, and follow up measures must be taken, each report needs to be easily accessible to, compliance officers for the management of the next steps.  

  • Implementation timing for the BKMS® Compliance System

    The implementation timing depends on the size and complexity of the organisational structure. In general this takes between a few weeks and a couple of months.



  • What is the status quo on the implementation in Germany?

    The directive still has to be implemented into German Law. A first step towards whistleblower protection has already been undertaken in that the German Bundestag at the beginning of 2019 passed the "Law on the Protection of Business secrets" (GeschGehG).

The most important questions for you:

What kind of reporting channel should be implemented?
Show more
Which reporting channel is best suited to large companies and public institutions?
Show more
How long does implementation take?
Show more
Will my staff need special training to handle and process reports?
Show more
What happens after receiving a report?
Show more
How long do companies have time to react to the information?
Show more
Are loyalty and confidentiality clauses valid?
Show more
Does it matter how the information has been obtained?
Show more

Get your company ready now

With the innovative BKMS® Compliance System you meet all requirements and obligations of the EU Whistleblowing Directive for your organisation.

Contact us now for a personal conversation.

There is much to consider to prepare companies and public bodies for the new EU Whistleblower Directive.
Business Keeper has two decades of specialist expertise. We would be delighted to support you in implementing a secure external whistleblowing system for your organisation.

Business Keeper AG

Kristian Krannich

Get your personal demo now

For more information, see our Privacy Policy

More than half of the German DAX companies trust the innovative BKMS® Compliance System