
Whistleblowing and GDPR: New data protection rules from 25 September 2024

On 25 September 2024, the law on the protection of whistleblowers came into force in Poland. This regulation affects many aspects of business, an important one being data protection.

Let’s see what impact the whistleblower protection rules introduced by this law have on data protection rules. Details of the whistleblowing act in general are described HERE and HERE.

Anonymity of Whistleblowers: How to ensure effective data protection?

In certain cases, depending on the solutions designed by the entity implementing whistleblower protection, anonymous submissions can be provided for. In such a situation, fully anonymous contact shall be made available to the whistleblower.


Confidentiality of Whistleblower Data: Key Regulations You Need to Know

The basic principle provided by the law is the secrecy of the whistleblower’s personal data. Disclosure of such data is only permissible under specific circumstances, such as with the whistleblower’s consent.

The act regulates exceptions to the information clauses given to data subjects (such as individuals mentioned in a whistleblower’s report). Specifically, the source of the personal data should not be disclosed, to ensure the whistleblower’s protection. Such a measure enables real whistleblower protection. Similarly, the ability of data subjects to enforce their rights regarding the origin of their personal data (from a whistleblower) has been limited.

In addition, a whistleblower’s notification or public disclosure will not give rise to liability for a breach of the GDPR. This is a key protection guarantee.

Data retention periods have also been regulated in detail by the act. The issues of confidentiality and authorization to process data have also been emphasized in the law on the protection of whistleblowers.


Outsourcing whistleblower notifications: how to ensure GDPR compliance and avoid risks?

When outsourcing the processing of whistleblowing notifications, it is essential to keep in mind the principles of entrusting personal data processing.

Implementing whistleblowing solutions shall also entail reviewing and completing internal GDPR documentation, such as registers, risk analyses, and authorizations to process personal data.
