The bill on the protection of whistleblowers in Poland is at the final stage of the legislative process and the core provisions have been set.
Key provisions of the bil
Under the new law, reporting irregularities will be permitted via different reporting channels:
- internal channels: entities (both private companies and public bodies) that employ at least 50 individuals will be required to establish an internal channel for reporting any and all violations of the law;
- external channels (e.g. Ombudsman and public authorities);
- public disclosure (e.g. reporting in the media).
Anonymous reporting is permitted through internal and external channels. However, entities that receive reports will independently decide whether or not to consider reports submitted anonymously.
The subject of a whistleblower notification can include violations of law or unlawful activities concerning services, products, financial markets, corruption, public procurement, anti-money laundering, product safety and compliance, consumer protection, privacy and personal data protection, the internal market of the European Union, along with constitutional freedoms and human and citizen rights.
The only outstanding question is whether a violation of the labour law can be the subject of a whistleblowing report. Currently, the Parliament is considering whether or not to accept the Senate’s amendment to remove labour law violations from the list of whistleblower notifications.
The bill provides for penalties. Failure to establish internal reporting procedures or significant violations in implementing such procedures constitutes an offense punishable by a fine. The maximum amount of the fine is PLN 1,080,000 (approx. EUR 249,000).
Timeline
The new law will enter into force three months from the date of promulgation, except for provisions on external reporting, which will have a further three months for implementation.
Recommendation to employers
As the entry into force of the bill is imminent, employers are already able to begin preparing for the implementation of the new law, said preparation includes:
- Setting up internal reporting channels;
- Developing or reviewing internal policies regarding reporting irregularities;
- Establishing internal reporting procedures, which must comply with GDPR;
- Designating individuals responsible for managing reports and providing them with appropriate training.
By Marta Wasil, Associate, Wolf Theiss