Whistleblower Protection Act - Everything companies need to know

On July 02, 2023, the Whistleblower Protection Act (HinschG) came into force.

Under the Whistleblower Protection Act, companies with 250 employees or more must already set up channels through which whistleblowers can report misconduct in a secure procedure. The so-called group privilege applies to corporate groups. This means that there only has to be one reporting office within a group.

For small companies with between 50 and 249 employees, there is a transitional period until December 17, 2023.

Companies with fewer than 50 employees are not required by law to establish hotlines, but may be contractually required by contractors to establish reporting channels.

MROS must have very in-depth legal expertise, as investigations and decisions are to be made in a manner similar to an investigative agency. The responsible employees must be independent and receive ongoing training. Internal employees as officers are thus likely to be given similar special positions under employment law as internal data protection officers (keyword: full protection against dismissal).

Objective of the Whistleblower Protection Act (HinSchG)

Since employees in companies and public authorities are often the first to notice wrongdoing, they can use their tips to ensure that violations of the law are uncovered, investigated, prosecuted and stopped. Whistleblowers assume responsibility for society and should therefore be protected by the Whistleblower Protection Act against disadvantages that they may face because of their report and that could deter them from doing so.

This can also be an opportunity for companies to uncover and stop illegal and damaging activities in their own companies.

What reporting channels must companies provide?

The following reporting channels must be provided by companies:

  • by phone
  • textform
  • personal

A company must make all these reporting channels available.

How should a company react to information?

A company's internal or external reporting office must perform the following procedure upon receipt of a report:

  • It confirms receipt of a report to the whistleblower within seven days at the latest.
  • It legally examines whether the reported violation falls within the material scope of application of Section 2 HinSchG.
  • She keeps in touch with the person providing the information.
  • It checks the content and legal validity of the notification received.
  • If necessary, it shall request further information from the whistleblower.
  • It takes appropriate follow-up measures in accordance with § 18 HinSchG, similar to an investigating authority (hiring similar to § 170 para. 2 StPO or further investigations such as reports, dismissals, etc.).
  • It issues status reports to the whistleblower within specified deadlines.
  • It provides transparent information about the procedure.
  • It documents the procedure under the confidentiality requirement and carries out the necessary destruction of the documentation within the statutory deadlines once the procedure has been completed.

Which violations can be reported?

A whistleblower can report the following violations:

  • Violations of criminal regulations under German law.
  • Violations subject to fines under German law, for example, violations of
  • in occupational safety and health,
  • in health protection,
  • in the event of violations of the Minimum Wage Act,
  • against requirements of the German Personnel Leasing Act (Arbeitnehmerüberlassungsgesetz).
  • against the Anti-Discrimination Act (AGG)

In addition, all regulations relating to the implementation of European legal standards are included.

These include violations of regulations:

  • to combat money laundering and terrorist financing,
  • with specifications for product safety and conformity
  • with specifications for road safety
  • with specifications for ensuring railroad operational safety
  • with specifications for maritime safety
  • with requirements for civil aviation safety
  • with specifications for the safe transport of dangerous goods by road, rail and inland waterways
  • with specifications for environmental protection,
  • with specifications on radiation protection and nuclear safety,
  • to promote the use of energy from renewable sources and energy efficiency,
  • on food and feed safety, organic production and the labeling of organic products, the protection of geographical indications for agricultural products and foodstuffs including wine, aromatized
    wine products and spirits as well as traditional specialties guaranteed, the placing on the market and use of plant protection products and animal health and welfare, insofar as they concern the protection of farm
    animals, the protection of animals at the time of killing, the keeping of wild animals in zoos, the protection of animals used for scientific purposes and the transport of animals and related operations
  • on quality and safety standards for organs and substances of human origin, medicinal products for human and veterinary use, medical devices and cross-border patient care
  • for the manufacture, presentation and sale of tobacco and related products
  • on consumer rights and consumer protectionin relation to business-to-consumer contracts and the protection of consumers in respect of payment accounts and financial services, price indication and unfair commercial practices
  • on the protection of privacy in electronic communications, on the protection of the confidentiality of communications, on the protection of personal data in the electronic communications sector, on the protection of the privacy of users' terminal
    equipment and of information stored in such terminal equipment, on protection against unreasonable harassment by means of advertising via telephone calls, automatic calling machines, fax machines or electronic
    mail and via caller identification and suppression and for inclusion in subscriber directories
  • on the protection of personal data within the scope of the GDPR
  • on security in information technology
  • on the regulation of the rights of shareholders of stock corporations
  • on accounting, including the bookkeeping of companies
  • on procurement procedures
  • Violations covered by section 4d (1) sentence 1 of the Financial Services Supervision Act
  • against legal tax norms
  • against competition law standards
  • concerning statements by civil servants against loyalty to the constitution
  • on the protection of the European Union's financial interests
  • against internal market rules

When is a whistleblower protected?

Protected is a person,

  • which gives an indication about a violation covered by the law.
  • or who had reasonable grounds to believe the reported violations to be true at the time the information was provided.

In contrast, the whistleblower is not protected in the event of intentional or grossly negligent disclosure of incorrect information. In these cases, the whistleblower is liable for the resulting damage.

What protection do whistleblowers have?

The whistleblower is protected from

  • Cancellation
  • Denial of a promotion
  • Salary cut
  • Bullying
  • Discrimination
  • Harm in the social media
  • Withdrawal of a license or permit
  • Negative Performance Review.

In this context, there is a very comprehensive reversal of the burden of proof in dealing with whistleblowers: employers must prove that adverse measures taken against whistleblowers are not related to the whistleblowing/report.

Who is not allowed to report?

Lawyers, defense counsel in a legally ordered procedure, chamber counsel, patent attorneys and notaries and their employees are not allowed to report information that becomes known to them. In the case of agents who do not belong to these professional groups, extensive regulations must be made which cover not only the company but also their employees in detail.

Furthermore, all information subject to the Business Secrets Act may not be reported as a matter of principle. Only if the person providing the information has sufficient reason to believe that the disclosure or disclosure of the content of this information is necessary to uncover a violation and the requirements of Section 33 (1) Nos. 2 and 3 HinSchG are met (notification in a specific form), may notification be made.

Other security secrets or similar mentioned in § 5 of the law may also prevent a report.

What do companies need to implement?

  • Companies must provide legal training and ongoing training to independent internal persons and appoint them as a reporting office. If they select an internal person (employee), this person must be independent and possible conflicts of interest must be ruled out. If you appoint an internal employee as a whistleblower, he or she may perform other tasks and duties within the company as long as there are no conflicts of interest with "normal" activities. As this is practically difficult, you can therefore select suitable external third parties with legal expertise to act as a reporting office. These will usually be lawyers, as they have the legally required expertise to be able to examine the complex issues. Furthermore, lawyers are obliged to undergo further training and are independent of the company.
  • Companies must separately protect important information in the company as trade secrets within the meaning of the Act on the Protection of Trade Secrets. This is done by means of a special procedure. This special protection of secrets can limit the reporting options for this information.
  • You must set up reporting channels yourself or provided by third parties.
  • They must train their employees about the Whistleblower Protection Act and the reporting channels.
  • They must accompany whistleblowers in the process of reporting and comply with the deadlines, actions and steps required by law.
  • You need to cover the reporting channels with secure IT solution.

Consequences of violations of the Whistleblower Protection Act (HinSchG)

If whistleblowers suffer disadvantages in the company as a result of their reports, the company is obligated to compensate for the resulting damage.

Fines of up to €50,000 are provided for violations of the Whistleblower Protection Act. The lack of a reporting office that meets the legal requirements alone leads to a fine of up to € 20,000. This can be imposed several times until the office is set up.

Our services for your company

As a law firm, we relieve your company of all the obligations you face under the Whistleblower Protection Act.

We act as an external reporting office for your company and provide you with a software-based portal. You can integrate this portal on your website or intranet. Whistleblowers can then submit their report in compliance with the law, even anonymously, by e-mail via the portal, by telephone via our whistleblower hotline or in person at our offices. We carry out the required legal checks, initiate the necessary steps, note and observe all deadlines. We conduct correspondence and discussions with whistleblowers and ensure that reports are properly processed and necessary steps are taken.

In summary, we ensure that you comply effectively and legally with the regulations of the Whistleblower Protection Act. With us as an external data protection agency and at the same time as a representative under the Whistleblower Protection Act, costs as well as damages for your company due to abuse of this law can be avoided to a considerable extent.

Please contact us for an individual offer. You can also obtain initial information about our GoldbergUllrich whistleblower reporting office HERE.