Whistleblowing in companies

In the area of compliance, whistleblowing is becoming increasingly important for companies. Regulations of the EU and the German legislator on the protection of whistleblowers and the establishment of internal reporting channels must be observed.

Eine Juristin der Kanzlei mit ihrem Team an einem Bürotisch.

Whistleblower system with a Whistleblowing Ombudsperson

Companies with 50 or more employees are obligated by the German Whistleblower Protection Act to set up internal reporting channels.

The best solution for this is a whistleblower system combined with a Whistleblowing Ombudsperson. This way you maintain your compliance and gain the trust of your employees.

Unsere Datenschutzservices

Ein Datenschutz-Jurist von lächelt in die Kamera, während hinter ihm weitere Mitarbeiter der Kanzlei an einem Fall arbeiten

EU- bzw. DSGVO-Vertreter

Für Nicht-EU-Unternehmen:
Bestellen Sie unsere Kanzlei als Ihren EU-Vertreter nach DSGVO und verkaufen Sie Produkte und Services in der Union.

Zwei Mitarbeiterinnen von besprechen einen Fall


Für Unternehmensgruppen:
Flexibler Datenschutz-Support für Ihren Konzern und angegliederte Unternehmen in Europa und weltweit.

Zwei Mitarbeiter von activeMind arbeiten zusammen an einem Laptop an einer Datenschutzberatung

Externer Datenschutzbeauftragter

Für Unternehmen in der EU :
Die umfassende Lösung für DSGVO-Compliance Ihres Unternehmens oder Konzerns.

Coming soon!

Current guides on whistleblowing in the commercial context

The German Whistleblower Protection Act

The Whistleblower Protection Act is intended to protect whistleblowers and whistleblowers. Employers must fulfill various requirements and, if necessary, set up internal reporting channels.

Questions and answers on whistleblowing for companies

Frequently asked questions about whistleblowing and whistleblowers in companies – answered by the compliance experts at

Whistleblowing occurs when employees report information about violations of applicable law or internal rules within the company. This includes reasonable suspicion of actual or potential violations that have occurred or are likely to occur in the organisation where the whistleblower works or has worked, or in another organisation with which the whistleblower is or has been in contact as a result of his or her work, as well as attempts to conceal such violations.

In principle, internal reporting points or whistleblower reporting channels (whistleblower systems) are intended for employees of a legal entity. The internal reporting channels can also be expanded to include

  • Self-employed persons (within the meaning of Art. 49 TFEU),
  • Shareholders and persons who are members of the administrative, management or supervisory body of a company (including non-executive members),
  • Volunteers and interns,
  • Persons working under the supervision and direction of contractors, subcontractors and suppliers.

According to the EU Whistleblower Directive, violations of EU law may be reported, these are in particular:

  • Public procurement,
  • Financial services, financial products and financial markets, and the prevention of money laundering and terrorist financing,
  • Product safety and conformity,
  • Road safety,
  • Environmental protection,
  • Radiation protection and nuclear safety,
  • Food and feed safety, animal health and welfare,
  • Public health,
  • Consumer protection,
  • Protection of privacy and personal data and security of network and information systems,
  • Infringements of the Union’s financial interests within the meaning of Article 325 TFEU and as further defined in relevant Union measures,
  • Infringements of internal market rules within the meaning of Article 26(2) TFEU, including infringements of Union rules on competition and State aid, as well as infringements of internal market rules in relation to acts which breach corporate tax rules or in relation to agreements aimed at obtaining a tax advantage contrary to the object or purpose of the applicable corporate tax law.

The German Whistleblower Protection Act also covers reports of violations of German law in some cases:

  • Violations that are punishable by law,
  • Violations that are subject to a fine “insofar as the violated regulation serves to protect life, limb or health or to protect the rights of employees or their representative bodies”,
  • Violations of national legal acts in explicitly named areas, such as corruption, money laundering or tax fraud, as well as violations of environmental protection or food safety regulations.

Legal entities in the private sector with 50 or more employees as well as public authorities and municipalities with a population of 10,000 or more are obliged to set up internal whistleblower reporting channels. More information in our article on the Whistleblower Protection Act.

Under the EU Whistleblower Directive, it is up to individual member states to decide whether legal entities in the private or public sector are obliged to receive and follow up on anonymous reports of violations.

The German Whistleblower Protection Act does not provide for an obligation to establish anonymous reporting channels. Nevertheless, reports submitted anonymously are to be processed.

Employers must ensure reporting in written or oral form, or both. Consideration can be given to setting up a hotline, an internet-based whistleblowing system, reporting by post, via an in-house complaint box or in person.

Compliance builds sustainable trust


Contact us!

Secure the knowledge of our experts!

Subscribe to our free newsletter: