Whistleblower Programs and EU Data Protection Law Compliance: Overview

Thomson Reuters' Practical Law

29 Oct 2021

Alja Poler De Zwart authored an article for Thomson Reuters’ Practical Law discussing issues relating to whistleblowing programs and data protection law compliance in the European Union, including the legal framework governing whistleblower programs, the Whistleblowing Directive’s requirements, and how to comply with the GDPR [General Data Protection Regulation] when operating a whistleblower program.

“The Whistleblowing Directive…sets new EU-wide minimum standards for protecting whistleblowers and requires EU member states to establish comprehensive whistleblower protection frameworks.” Alja wrote. “The Whistleblowing Directive establishes the minimum standards required in EU member state implementing laws and permits EU member states to customize their laws, for example, by determining what penalties apply for violations and expanding the scope of reportable concerns. This will result in different whistleblowing program requirements throughout the EU. Organizations must understand which EU member state laws apply to them and monitor their implementation and related supervisory authority guidance.”

Read the full article.



Unsolicited e-mails and information sent to Morrison & Foerster will not be considered confidential, may be disclosed to others pursuant to our Privacy Policy, may not receive a response, and do not create an attorney-client relationship with Morrison & Foerster. If you are not already a client of Morrison & Foerster, do not include any confidential information in this message. Also, please note that our attorneys do not seek to practice law in any jurisdiction in which they are not properly authorized to do so.