Do you want to protect your company from damage?

Then you should implement a digital whistleblower system in your company. This is a digital application or software that your employees, customers, suppliers and business partners can use to report violations of applicable law and company policies. Employees in particular are often the first to receive information about such violations and can report them to the company via the digital whistleblower system.

Fast deployment of the system

The digital whistleblower system is provided online via the Internet and/or the company's intranet.  

The company can then immediately initiate the necessary measures to prevent damage or - if a violation has already been committed - to minimize economic damage. In addition, a company can thereby avoid damage to its reputation - which is important in the business world - or damage to its image. 

Requirements for a whistleblowing system

Digital whistleblowing systems must comply with a wide range of legal, technical and organizational requirements:

The Directive first stipulates that the processing of personal data processed in a digital whistleblower system must be carried out in accordance with the General Data Protection Regulation ("GDPR"). In this context, the specifications of the Conference of Independent Data Protection Authorities of the Federal Government and the Federal States on whistleblower systems must also be observed, among other things. The implementation of the principles of legality, rights of data subjects, documentation requirements, and technical and organizational measures are an essential component of a proper digital whistleblower system. In this context, the confidentiality of the identity of the whistleblower and the third parties mentioned in a report must also be ensured, especially from a technical and organizational perspective. Unauthorized persons must not be able to access this information. Furthermore, it must be possible to submit reports anonymously, i.e., it must not be possible to identify the whistleblower.

In particular, the completeness and integrity of the information must also be guaranteed technically. Likewise, all reports must be documented in compliance with data protection law and confidentiality obligations in accordance with the directive. The implementation of deletion specifications and concepts for personal data forms an essential functionality of a legally compliant whistleblower system. Data that is obviously not relevant to the processing of a specific report or is no longer required for the purpose must always be deleted, unless other permissible circumstances justify further storage or processing of the data.

A digital whistleblower system should also support the company in the implementation of further compliance measures or - as the directive states - "follow-up measures" after receipt of the report and accompany these processes in a structured manner. The directive not only requires the implementation of a whistleblower system, but also the establishment of procedures for internal reports and for follow-up measures. By "follow-up", the Directive means the measures taken by the company to verify the validity of the allegations made in the report and internal inquiries, investigations, prosecutions or a conclusion of the proceedings.

The HINTBOX implements all legal, technical and organizational requirements for a digital whistleblower system. Our HINTBOX can protect your company from damage. 

Try the HINTBOX today and get a free annual subscription.