This document is designed to provide guidance to all those who receive disclosures through their participation in the EAT project. Most often the recipients are compliance officers associated with EAT beneficiary organisations, but they may also include EAT partners or media organisations. An explanation of the different submission models used in the EAT project is supplied in the Appendix.
Respect anonymity when it is requested
The whistleblowing platforms set up as part of the EAT project give whistleblowers the option to provide complete, partial or no information about their identities.
When a whistleblower wishes to stay anonymous, we recommend that initial investigations be undertaken without requiring identifying information.
Once a whistleblower has confidence that an investigation is being undertaken in a way that minimises the risks to themselves, they may be more comfortable in sharing identifying information.
Ways of producing confidence include communicating the status of an investigation to the whistleblower, setting up a dialogue and being clear about when they can expect to receive further news.
The new EU Whistleblower Directive makes stipulations about investigation procedures and timelines that should be regarded as a baseline standard.
Recognise the costs of whistleblowing for the whistleblower and mitigate them in the way their report is investigated
Retaliation is a real threat for many whistleblowers. Investigative procedures must be designed and implemented so to minimise these risks, whether the whistleblower’s identity is known or not.
Measures that may be taken shall exclude those in or likely to be in a working relationship with the whistleblower, and any individuals who are implicated in the report.
The EU Whistleblower Directive sets down standards for confidentiality and record-keeping that should be abided by.
Verify material based on the value of the information, not on your view of the attitudes or opinions of the whistleblowers
It is important to judge reports received on their merits. In the final analysis, it is the quality and verifiability of the information supplied that is most important.
Assessing the motivation of the source is important only insofar as it assists in judging the veracity of a report.
It may well be the case that verification requires additional information. Be aware that the whistleblower may not have access to this information themselves, or may feel that disclosing this information puts them at risk.
In such cases, where a whistleblower may not have or want to reveal their access to information, they may be able to assist those investigating by letting them know where information be located.
Escalate concerns to regulators and other authorities where appropriate
Some issues for which reports may be received carry with them obligations to pass concerns on to regulators or other authorities.
We encourage partners and beneficiaries to involve regulatory and other authorities where it is appropriate to do so.
One of the least-heard whistleblowing stories is that where concerns have been received and successfully resolved because proper reporting channels are available. We encourage the discussion of successful case studies that have come about through the EAT project.
Securely delete data when necessary in accordance with EAT policy
Whistleblowing reports often include personally identifying information whistleblowers of the reporting person and potentially those who are the subject of the report.
While the preservation of this data will be required for a certain time in order to make sure that reports are adequately investigated, materials should eventually be deleted in accordance with data protection standards.
EAT partners will publish policies for the treatment of this personally identifying data and other content and metadata involved in the EAT project.
Understand the relevant legal frameworks and international standards governing internal disclosures
We encourage all project partners to become familiar with the key international standards in this field. That includes in particular the new EU Whistleblower Directive and the guidelines for ISO 37002 on Whistleblowing Management Systems, which are currently being developed. (https://whistleb.com/blog-news/iso-37002-whistleblowing-management-systems-the-new-global-standard-on-organisational-whistleblowing/)
Share the right information on the reporting process and recommendations on how to protect the data.
Employees and other persons who may want to share information internally have to understand how they are expected to proceed. EAT partners recommend to make available a clear guide to make disclosures, including specification related to data treatment and anonymization.
- How to become a beneficiary
If you are a public agency or a private company and you want to become a beneficiary of the project, please contact with the partner related to your country.