How Do I Whistleblow?

Whistleblowing is where a worker reports misconduct in order to protect the public. The complaint must be based on your honest perceptions, made without malice and not personal. Essentially, as soon as you have offloaded your concerns and passed on all of the relevant information, the investigation is out of your hands. Whilst this means you have no say over the proceedings, you may request updates on developments. The biggest questions when debating whether to blow the whistle are often: does my concern constitute as whistleblowing and who should I talk to?

Is My Complaint Whistleblowing?

In essence, whistleblowing reports comprise of complaints from workers about misconduct that could harm the public. These can fall into a variety of different categories:

  • Criminal offences
  • Practices that endanger an individual’s health and safety
  • Risk or actual damage to the environment
  • Breaking the law (this includes contractual obligations and health and safety regulations)
  • Miscarriage of justice
  • The belief that someone is covering up wrongdoing

It is important to stress that evidence is not required when documenting a complaint. In fact, gathering evidence can do more harm than good if the individuals involved get wind of your suspicion. Nor is it your responsibility to investigate matters, so simply reporting any concerns is the best course of action.

Who Should I Discuss My Concerns With?

Whilst many organisations have a whistleblowing policy, you are still at liberty to choose someone other than the nominated individual or hotline to report your concerns to. Frequently, workers choose to confide in their managers, but when they are implicated in the wrongdoing, this becomes more troublesome. You are permitted to report concerns to other managers within your organisation as well as your organisation’s legal and compliance team or human resources department. For external advice you can contact lawyers, industry bodies (e.g. trade unions) or external whistleblowing helplines like Acas.

Can I Remain Anonymous?

Yes, however this may hinder the investigation. Some people choose to make their reports anonymously for fear of subsequent victimisation from their team. However, even when their name is not disclosed, their identity is often speculated about amongst colleagues. Maintaining anonymity throughout the process means that you cannot be contacted for further information and that you will not receive updates on the process. Furthermore, since the introduction of the Public Interest Disclosure Act 1998, whistleblowers have received legal protection against mistreatment from employers. The alternative to remaining anonymous is making a confidential disclosure. In this situation, your name will not be released until much later in the process when it is strictly necessary to do so.

What Can I Expect Next?

Once you have made the complaint and given all of the relevant information, your role in the report is complete. After your initial meeting you may be contacted to attend another meeting, or receive a phone call, and pushed for further information. After this, the investigation is out of your hands. You can request to be updated on its progress, but you are relieved of the responsibility of following up your concerns.

Why Should I Whistleblow?

Many people fret about the risks of whistleblowing, predominantly mistreatment within the organisation afterwards. However, the benefits of blowing the whistle largely outweigh the risks. Whistleblowing is an ethical act as it is, or should, be performed in the public’s best interest. It is fundamental in protecting an organisation’s customers. Additionally, creating an open and fair culture protects your organisation against fraud and misconduct and the accompanying repercussions. In order to nurture a culture of whistleblowing it is important to raise awareness amongst employees, publish a whistleblowing policy and implement regular whistleblowing training.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

“In a world older and more complete than ours they move finished and complete, gifted with extensions of the senses we have lost or never attained, living by voices we shall never hear.”

Picture of James

James

VinciWorks CEO, VInciWorks

Spending time looking for your parcel around the neighbourhood is a thing of the past. That’s a promise.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

How are you managing your GDPR compliance requirements?

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.

GDPR added a significant compliance burden on DPOs and data processors. Data breaches must be reported to the authorities within 72 hours, each new data processing activity needs to be documented and Data Protection Impact Assessments (DPIA) must be carried out for processing that is likely to result in a high risk to individuals. Penalties for breaching GDPR can reach into the tens of millions of Euros.