Since 1 January 2019 the Republic of Lithuania law on the Protection of Persons Reporting on Breaches of Law is in force. The law is applicable to public and private legal entities, organizations and subunits of foreign legal entities or organizations. According to the law companies employing 50 or more employees must set up internal breaches reporting (whistleblowing) channels, other companies can to do it voluntarily.
We have noticed that companies have some questions regarding implementation of internal reporting channels; therefore we would like to discuss them.
The company must take necessary organizational, technical or other measures to set up the internal breaches reporting channel, which would allow to submit information regarding breach using one or more means (personally to competent subject at the company, through mail, email, web platform (using internet or intranet), by phone “hot line”, etc.).
The internal reporting channel is a tool for employees and persons who have been affiliated with the company through work or contractual (consulting, traineeship, volunteering) relationship to report about potential breaches.
Persons can report about breaches regarding the following: danger for public health or safety, a person’s life or health, environmental risk, obstruction or unlawful interference to law enforcement authorities investigations or justice, financing of illegal activities, illegal use of public funds or assets, illegally acquired assets, hiding of the consequences of the committed infringement, disruption to determine the extent of the consequences, and other breaches.
The person may submit information about the breach: (a) at the company through internal reporting channels; (b) directly to the competent institution (for instance, prosecutor's office) or (c) publicly.
The company must ensure the confidentiality of the reporting person (whistleblower) and ensure that she/ he is not affected adversely. Also, the company may determine remuneration for valuable information, compensation, and free legal assistance or in certain cases an exemption from liability.
The company obliged to set up internal breach reporting channel must take the following steps:
Should you need help in implementing a whistleblowing channel, please feel free to contact GLIMSTEDT data protection team.