Guidelines on processing personal information within a whistleblowing procedure
The following guidelines are an update of the guidance on whistleblowing published in July 2016.
The aim of whistleblowing is to shine the light on corruption by providing safe channels for staff or other informants to report unethical behaviour in the workplace. Such procedures require the processing of sensitive personal information relating to suspected wrongdoers, whistle-blowers, and other parties, such as witnesses. EU institutions and bodies are obliged to have clear whistleblowing procedures in place. The obligation is placed upon them by the EU Staff Regulations, which state that officials who become aware of a possible illegal activity should report it without delay. Due to the specificity of this procedure and risks imposed on the persons involved, the protection of their personal data is of the utmost importance.
The following guidelines are an update of the guidance on whistleblowing published in July 2016.
Prior-check Opinion on European Monitoring Centre for Drugs and Drug Addiction's (EMCDDA) internal procedures and guidelines on whistleblowing (Case 2016-1083)
Prior-check Opinion on “Whistleblowing procedure in the REA and the relevant internal fraud issues” (Case 2014-0178)
Prior-check Opinion on FRA’s whistleblowing rules (Case 2016-0737)
Prior-check Opinion on the ECHA’s whistleblowing procedure (Case 2015-1029)