A remarkable difference between the European Directive and the Dutch Whistleblower Protection Act is that, according to the Directive, reporting channels must be secured. This aspect is missing from the Dutch draft act. That is peculiar. But you can imagine that a judge will take the European Directive into account when assessing a case, if the European Directive provides more protection than the Dutch legislation.
At the same time, it is also clear from the draft Dutch legislation that the identity of the reporter may not be revealed unless he or she gives permission to do so. Implicitly, this means that the reporting channels must still be properly secured.
Imagine, for instance, that a senior manager of the organisation instructs the IT manager to discover and disclose the identity of the whistleblower. That should not be possible. However, if the reporting form is on the organisation’s own website, the IT manager may be able to do so, deducting this from the IP address of the whistleblower. The IT manager might also force access to secured files on the internal network. In order to prevent this, it would make sense to use an external reporting platform. Only then can the identity of the reporter be properly protected. And only this will enable real anonymous reporting.
Would you like to know more about this? Please contact us.