July 21, 2022
When it comes to whistleblowing, it can be difficult to know where to start, especially if you haven't had to implement a brand new whistleblower service within an organization before. There are a lot of different components to keep in mind, such as secure data storage according to GDPR, the possibility of anonymity and offering a method that as many people as possible feel comfortable using.
We have therefore chosen to compile 3 simple tips to make it as easy as possible for you to choose the right whistleblower service for your organization. By ensuring that the whistleblower service offers all 3 things below, you have come a long way towards choosing the right whistleblower service for your organization.
1. Reporting should be simple
It should be as easy as possible to report irregularities and other problems, but this is something that is rarely as easy as one might initially think. Many believe, for example, that e-mail is an excellent reporting channel: "Sending an e-mail can be done by anyone".
However, it can be problematic to report something anonymously via e-mail and you must then, for example, create a completely new e-mail address in order not to reveal your identity. Unfortunately, this extra step may be enough to deter potential whistleblowers.
Due to this, it is recommended that you choose a whistleblower service that enables anonymous reporting when necessary and is also highly user-friendly and offers updates, tips and help resources and works on both desktop and mobile devices. For example, you should not need instructions to submit a report as an employee.
2. All information must be secure
Today's workflows and communication alone require a lot of data and personal information to be transferred. For whistleblowing, it is especially important given the sensitivity of the information, and just like in most other cases, the GDPR and the correct processing of personal data, for example regarding perpetrators, also apply here.
All information in a whistleblower case must also be completely deleted after two years, with certain exceptions. During the course of the case, it is also good if there is an opportunity to hide personal information if necessary, for example when a third party needs to take part in the case.
3. Possibility of confidentiality and anonymous two-way communication
Under the new whistleblowing guidelines, most people are well aware that whistleblowing should be strictly confidential and preferably anonymous. This is something that can be difficult to develop in-house from scratch, in a way that is compliant and waterproof.
Creating such functionality requires a lot of work from both HR and IT departments who need to create databases and implement proper security measures to ensure that anonymous reporting in whistleblowing is possible. Please read our customer case with Jollyroom, which initially explored just such solutions.
When you are looking for a whistleblower service, this should therefore be something that you place extra emphasis on. It is important, on the one hand, to put yourself in the perspective of the employee to see if they will consider the service to be reliable enough. You also need to look at the matter from an IT perspective: is everything adequately protected? Is data stored within the EU? Is there a risk that unauthorized persons gain access to the data? These are questions that can be good to ask to ensure that the system is of a sufficiently high standard.
Once you have established a good process for people in your organization to report, you should also keep in mind the two-way communication process that needs to happen after a whistleblower case has been reported. According to the EU directive, a confirmation of receipt must be sent to the whistleblower within seven days, and they must then receive feedback on their report within three months. Furthermore, the channel should facilitate follow-up questions and discussions related to the investigation.
Some companies may intend to handle whistleblowing via Microsoft Forms or similar. This will run into the same problem discussed in the previous section. Because none of these forms include a mechanism to inform the whistleblower of a receipt or provide additional information about the case, anonymous two-way communication would require the whistleblower to create an anonymous email inbox that would be linked to the report. This would result in a higher reporting threshold and, as a result, a lower amount of reports. In addition, case managers do not always receive notifications for a new report in, for example, Microsoft Forms.
Having solid and correct procedures and enabling anonymous two-way communication benefits not only the person who reported, but also the company and case handlers. For example, the staff handling the reports will have an easier time contacting and discussing the status of the report from the same platform they use to document the request.
The 3 points above are of course not the only things a whistleblower service should include, but they are all important components. Then it is also important to find a flexible solution that meets these requirements.
Visslan makes whistleblowing easy with a whistleblower system, standardized whistleblower policy and the possibility of external case management. Read more about Visslan's services here to see what is on offer or contact Visslan for more information.