Whistleblowing from data protection perspective

The Czech Data Protection Association in cooperation with FederPrivacy, Italian association of privacy professionals, organized an online seminar on the current topic of whistleblowing on 26th October. The webinar presented excellent panelists from various EU member states to share their experiences on the whistleblowing process implementation and related data protection issues with more than 50participants from a number of European countries.

The webinar was moderated by Ms Alice Selby, board member of the Czech Association for Personal Data Protection. After the opening of the webinar by Mr Luciano Corino, vice-president of FederPrivacy, and Mr František Nonnemann,vice-president of the Czech Association, the panel discussion started with the following speakers:

-         Mr Basile Guley (France): Compliance lawyer at the French data protection supervisory authority, Le CNIL. Mr Guley, among other things, drafted the two successive versions (2019 and 2023) of the “Guidance on processing personal data in the context of whistleblowing”, which were later adopted by the commissioners of the CNIL.

-         Ms Rohia Hakimová (Czech Republic): Experienced compliance manager with the expertise both from the public and private sector and executive Board Member of the Czech Compliance Association.

-         Ms Regina Mühlich (Germany): Business Lawyer, with long experience in data protection especially from the private sector and a Board Member of the Association of Data Protection Officers Germany (BvD).

-         Mr Alessandro Burro (Italy): Qualified lawyer with comprehensive experiences in helping organisations in complying with personal data protection regulations,in the management of personal data violation events as well as in the relations between companies and the Italian Data Protection Authority.

Each of the panelists presented the state of transposition of EU whistleblowing directive(directive no. 2019/1937) in their country and then highlighted problematic points or issues that are being addressed in relation to the implementation of whistleblowing processes. Participants of the webinar were thus able to gain a deeper insight into how several practical issues related to the implementation of whistleblowing and personal data protection are addressed in different EU Member States.

In the discussion, the participants also raised other issues or challenging points.For example, we discusses whether and under what conditions the data protection officers can act as a whistleblowing investigator at the same time and how toavoid conflicts of interest, what is the legal title for processing of whistleblowing notification made through an internal or external whistleblowing channel or whatis the legal status and responsibility of entities proving the role of the whistleblowing investigator as a service (personal data controller or processor?) etc.

The webinar brought unique opportunity to share and discuss similar challenging points with representatives of different sectors (regulator, public sector, private companies) and from different countries. For that reasons, similar online events will be organized by FederPrivacy and Czech Data Protection Association next year as well.