Which companies are affected by the “Lov om beskyttelse af whistleblowere” - the new whistleblowing law in Denmark?
In accordance with requirements set out in the EU Whistleblowing Directive 2019, the Act requires private sector employers with 250 employees or more, and public sector employers, to implement a whistleblowing hotline by no later than 17 December 2021. This is when the new whistleblowing law in Denmark came into force. Companies with between 50 and 249 employees have an extended deadline until 17 December 2023 to fulfill this obligation.
Are joint Group schemes possible?
The law also opens up the possibility for larger companies with 250 employees or more operating under a parent company to set up a joint Group scheme. The parent company would then act as a whistleblowing unit and process whistleblowing reports, liaise with the whistleblower, follow up on the report and carry out necessary investigations.
This differs from the original bill which only made provisions for private companies with 50-249 employees to join forces and share resources. Companies with 250 employees or more were required to set up a separate hotline. The Ministry of Justice made this change in response to objections raised by Danish interest groups and large companies about the administrative and cost burden associated with this provision and also concerns about reduced protection of whistleblowers which could result.
There remains however doubt as to whether this option is consistent with the EU Whistleblowing Directive. The Danish Ministry of Justice states that it will follow the EU Commission’s and other EU countries’ interpretation of the Directive on this point and the Whistleblower Protection Act makes clear that companies cannot make use of a Group-wide scheme if the Danish interpretation differs from the EU Commission’s and other EU countries’ interpretation. We recommend therefore that larger Group companies keep up-to-date on developments.
Requirements on whistleblowing hotlines
The Whistleblower Protection Act sets out a number of additional requirements on whistleblowing hotlines. These include:
- Any whistleblowing system must be able to handle the confidentiality of the whistleblower's identity and the identity of persons named in the report (however the Act does not state that whistleblowers should have the option to report anonymously).
- Any whistleblowing system should allow whistleblowers to report in writing, orally or both. In either case whistleblowers should have the possibility to confirm and rectify their report.
- Organisations should establish whistleblower policies and procedures to demonstrate effective implementation of their hotline.
- Persons responsible for handling reports can be either internal or external (e.g. ombudsman).
- Reports need to be followed up carefully, with confirmation of the report provided to the reporter within 7 days and detailed feedback provided within 3 months (+7days).
Lov om beskyttelse af whistleblowere: What can be reported and how?
Whistleblowers can report on breaches of EU law, but the Act also covers reporting on breaches of Danish national law and infringements of a serious nature (bribery, corruption, sexual harassment, for example). The Danish Whistleblower Protection Act thus extends the scope of the EU Whistleblowing Directive.
Reports related to personal HR grievances and conflicts as well as reports of breaches of internal guidelines of a less serious nature fall outside the scope of the Act. This however does not mean that such matters cannot be reported through the internal reporting channel of the company.
The Whistleblower Protection Act does not protect reports related to issues of national security, matters covered by legal privilege, health information covered by the Health Act, criminal proceedings or the court’s deliberations and voting.
While the Act respects the whistleblowing hierarchy (internal, then external, then public), it appears that reporters have the choice between reporting internally or externally to the authorities. The Act establishes several external whistleblowing hotlines – for example, the Danish Data Protection Agency will establish an external hotline for handling reports related to infringements of EU law.
Public reporting is allowed if there is an imminent threat or if the reporter has reasonable grounds to believe that internal or external reporting may not be effective or could be counterproductive.
Who can blow the whistle under the Danish Whistleblower Protection Act?
The Act only obliges companies and organisations to make their whistleblowing channels available to employees, but they can if they wish open it up to reports from other people who have a work-related connection, for example business partners, suppliers and other external parties. If a company’s hotline only accepts reports from its employees, external parties may instead use an external whistleblower hotline (such as the one established by the Data Protection Authority).
How are whistleblowers protected?
The Whistleblower Protection Act protects all whistleblowers who report in good faith from retaliation. Retaliation can be understood as unfavourable treatment which the whistleblower is subjected to as a result of making the report. The employer must prove that the whistleblower has not been subjected to retaliation in cases where the whistleblower can prove that he or she has made a report and has suffered unfavourable treatment as a result.
Access the legal text of the “Lov om beskyttelse af whistleblowere”.
Whistleblowing Laws in the European Union
A glance at the implementation of the EU Whistleblowing Directive in EU Member States