Are you aware of the new Whistleblower Protection Act? Let Synch help you with WeSynch Whistle!

Do you remember the GDPR-stress back in 2018? Make sure to be ready this time! 

The Directive (EU) 2019/1937 of the European Parliament and the Council on the 23rd of October 2019 (the “Whistleblowing Directive”) lays down the regulatory requirements for the Member States concerning the protection of whistleblowers. 

In the light of the Whistleblower Directive, the Swedish Government presented a proposition on the 20th of May 2021 for the implementation of the Whistleblower Directive (2020/21: 193), with a proposal to replace the current Act (2016: 749) (the “Whistleblower Protection Act”). The Parliament voted in favour of the proposal on the 29th of September 2021. 

The new Whistleblower Protection Act sets out extensive requirements for companies. As with the GDPR-stress of 2018, it may be difficult to know where to start. Below, you can read about how Synch can assist your work in becoming compliant with the Whistleblower Protection Act through our product WeSynch Whistle. Additionally, we have also answered the most frequently asked questions related to the new Whistleblower Protection Act. 

When do we need to act? 

It depends on which action it regards and how many employees your company has. The Whistleblower Protection Act enters into force on 17 December 2021, meaning irrespectively of how many employees you have, you need to ensure the protection of whistleblowers from the 17th of December 2021. Nevertheless, the requirement to implement an internal whistleblowing system is applicable from 17th of July 2022 for companies with 249 employees or more and from 17th of December 2023 for companies with 50 to 249 employees, with the number of employees being calculated at the beginning of each calendar year. Despite that, our recommendation is to act as soon as possible. In this way, you will be well prepared when the requirements on internal whistleblowing systems enter into force and ensure protection following the law from the 17th of December 2021. 

What is an internal whistleblowing system? 

An internal whistleblowing system is an internal reporting channel that enables the reporting of breaches. The Whistleblower Protection Act specifies that a whistleblowing system shall be simple and easily accessible and that there shall be an opportunity for the whistleblower to report both in writing and orally. The Whistleblower Protection Act does not set specific technical requirements for a whistleblowing system. Nevertheless, our recommendation is to use a well-developed technical system to, as simple as possible, live up to the requirements of the law. 

Companies with 50-249 employees are allowed to share one common whistleblowing system, however, the contact with the whistleblower shall not be shared. On top of that, it is not permitted for corporate groups with more than 249 employees within one single entity to share a whistleblowing system for the entire group. This may mean that medium-sized and large groups, with already established whistleblowing systems, may need to review their whistleblowing system to ensure that it fulfils this legal requirement. 

Who is a whistleblower and what can he/she whistle about? 

A whistleblower is someone who reports information about breaches acquired in the context of work-related activities. It may be an employee, a former employee, a person applying for employment, a volunteer, a trainee, a shareholder who is active within the company, or a consultant who applies for or carries out an assignment. 

Whistleblowing can take place regarding information about EU or Swedish law, in particular, information about breaches that should be revealed in the public interest, for example, labour exploitation, money laundering, terrorist financing, environmental protection, or consumer protection. 

What should we do when someone blows the whistle? 

Specific independent persons or entities shall be designated as competent to handle whistleblowing reports. Such case manager may be a third party, for example, a law firm. The case manager is responsible for confirming the receipt of the report within seven days, keeping contact with the whistleblower, and providing feedback to the whistleblower within three months after receiving the report. 

Furthermore, there are requirements in place regarding the documentation of incoming reports, whether written or oral. Reports shall be disposed of when they are no longer necessary, but in any case, no later than two years after a follow-up case has been closed. In addition, the documentation needs to be done under the General Data Protection Regulation (the “GDPR“). Consequently, the case manager needs to review which personal data in a whistleblowing report that is necessary for the investigation, which personal data needs to be masked, etc., to act under the GDPR. 

How should we act? 

Get in touch with us at Synch! With our product WeSynch Whistle, we can help you to become compliant with the Act law and assist with both the implementation of whistleblowing systems, policies, and routines as well as acting as your case manager. Please read more in our whitepaper here. If you are interested in our services, do not hesitate to contact us via the contact information below: 

Amanda Espinasse, amanda.espinasse@synch.law, +46 73 388 81 65, or 

Karolina Pekkari, karolina.pekkari@synch.law, +46 76 126 91 11 

News and Insights
Blog Posts

Responsibility of online platforms and the regressive opinion of the Advocate General

08/12/2020

This blog post was written by My Byström, lawyer at Synch A comment on the opinion of the Advocate General in joined cases Youtube (C-682/18) and Cyando (C‑683/18) In December, the CJEU is expected to deliver its judgement in the joined cases Youtube and Cyando, where questions regarding the liability of platforms for user uploaded materials have […]

Press release

Synch has acted as legal advisor to Favro

05/01/2022

Synch has acted as legal advisor to Favro in its USD 4.25 million seed funding lead by Practica Capital and Scale capital with participation from Creandum, Inbox Capital, serial entrepreneur Christopher Beselin, and other strategic investors. Favro offers a collaborative planning platform that accelerates growth by bringing more business agility to the future of working-from-anywhere. […]

Blog Posts

Increased possibilities for Companies to enjoy tax relief when implementing qualified employee stock options  

09/12/2021

In the budget bill for 2022, the Swedish government proposes amendments to the regulations on taxation of employee stock options. The proposal eases the fiscal burden for some young businesses which means that more companies can take advantage of the benefits with tax exempt qualified employee stock options. The new rules are proposed to enter into force on 1 January 2022.   As of today, employee stock options have not been taxed as income of employment if certain requirements of the issuing company, and […]

Blog Posts

Blockchain and the law – an introduction 

09/12/2021

More and more people are familiar with the term “blockchain” however not everyone would claim that they get it or be sure what it is supposed to be used for. Blockchain – this amazing and somewhat mystical invention – is generating a gigantic measure of interest in the innovation field among both startups, cryptocurrency enthusiasts, governments, the security industry, the art field and more. It is anticipated to […]

Blog Posts

Are you aware of the new Whistleblower Protection Act? Let Synch help you with WeSynch Whistle!

09/12/2021

Do you remember the GDPR-stress back in 2018? Make sure to be ready this time!  The Directive (EU) 2019/1937 of the European Parliament and the Council on the 23rd of October 2019 (the “Whistleblowing Directive”) lays down the regulatory requirements for the Member States concerning the protection of whistleblowers.  In the light of the Whistleblower Directive, the Swedish Government presented a proposition on the 20th of May 2021 for the implementation […]

Press release

Synch advised All Ears in their latest funding

07/12/2021

Synch acted as legal advisor to All Ears AB in connection with their latest funding round where they raised 50 MSEK. Bonnier Ventures acted as lead investor and also Alfvén & Didrikson participated.. All Ears monitors the new spoken media through media monitoring and social listening services such as TV, radio, podcasts, YouTube and other […]

Press release

Synch assists when a leading IAM player is created

26/11/2021

Synch has assisted SecMaker and its owners in connection with the merger with Pointsharp. The merger creates a leading software provider in identity and access management. Pointsharp, with the support of Main Capital, is on a growth journey to become a leading European supplier in identity and access management. The acquisition of SecMaker is the […]