Companies with 50 or more employees must set up an internal whistleblowing channel

Since 1 January 2019 the Republic of Lithuania law on the Protection of Persons Reporting on Breaches of Law is in force. The law is applicable to public and private legal entities, organizations and subunits of foreign legal entities or organizations. According to the law companies employing 50 or more employees must set up internal breaches reporting (whistleblowing) channels, other companies can to do it voluntarily.

We have noticed that companies have some questions regarding implementation of internal reporting channels; therefore we would like to discuss them.

What is the internal breach reporting channel?

The company must take necessary organizational, technical or other measures to set up the internal breaches reporting channel, which would allow to submit information regarding breach using one or more means (personally to competent subject at the company, through mail, email, web platform (using internet or intranet), by phone “hot line”, etc.).

The internal reporting channel is a tool for employees and persons who have been affiliated with the company through work or contractual (consulting, traineeship, volunteering) relationship to report about potential breaches.

What kind of breach can be reported?

Persons can report about breaches regarding the following: danger for public health or safety, a person’s life or health, environmental risk, obstruction or unlawful interference to law enforcement authorities investigations or justice, financing of illegal activities, illegal use of public funds or assets, illegally acquired assets, hiding of the consequences of the committed infringement, disruption to determine the extent of the consequences, and other breaches.

The person may submit information about the breach: (a) at the company through internal reporting channels; (b) directly to the competent institution (for instance, prosecutor’s office) or (c) publicly.

What protection and promotion measures could be applied to the reporting person?

The company must ensure the confidentiality of the reporting person (whistleblower) and ensure that she/ he is not affected adversely. Also, the company may determine remuneration for valuable information, compensation, and free legal assistance or in certain cases an exemption from liability.

What steps are recommended to set up internal reporting channel?

The company obliged to set up internal breach reporting channel must take the following steps:

  • Create (install) internal breach reporting channel, for example, email address, phone number, questionnaire at the company’s intranet.
  • Appoint a person (competent subject) and grant him/her established functions to evaluate reports. Noteworthy that such a person’s reputation and qualification must be undoubtable.
  • Prepare a reports handling procedure.
  • Review or adapt company’s personal data collection and storage procedure, privacy policy or other documents related to personal data processing.
  • Inform company’s employees or other persons related to the company about internal breach reporting channel

Should you need help in implementing a whistleblowing channel, please feel free to contact GLIMSTEDT data protection team.

Sign up for our newsletter