The maierGROUP whistleblower system
In 2019, the European Union issued a directive that protects people who report breaches of EU law. The so-called Whistleblower Directive has had to be implemented in companies with more than 50 employees since the beginning of the year.
On the one hand, the aim is to ensure that information is received and processed securely and systematically. On the other hand, whistleblowers can submit their information anonymously and confidentially. Compliance violations should be detected at an early stage and any resulting damage averted. A whistleblower system offers both whistleblowers and the company a secure way to report and follow up on reports.
We have set up an external reporting office for this purpose via our data protection officer, lawyer Tobias Marx. If you suspect that our company is violating applicable law, you can report this confidentially and securely to the following e-mail address:
whistleblower-maierhdh@dsg-ulm.de
If you suspect that applicable law is being violated in our company, you can report this confidentially and securely.
Only Mr. Marx and a representative from his team have access to this e-mail address.
Mr. Marx has summarized background information and answers to frequently asked questions in a separate document.
All information on this topic can also be found on Citrix under the button: “Whislleblower Policy”.
FAQ
Get answers here
The EU Whistleblower Protection Directive 2019/1937 is an EU directive that came into force in 2019. It serves to protect whistleblowers who report wrongdoing in companies. The directive had to be transposed into national law by the Federal Republic of Germany by December 17, 2021. Following the introduction of the national law, companies with 250 or more employees are obliged to set up appropriate procedures in their company organization. For companies with 50 or more employees, a deadline for implementation of 2 years is expected.
Protection under the Directive is granted to any person who, as an insider, obtains certain information about a company that indicates that processes within the company violate applicable laws and wishes to disclose these violations for reasons of conscience. In addition to employees of the company, external employees, applicants or journalists are also conceivable whistleblowers. The whistleblowers should be protected against any reprisals within the company, such as dismissal or a transfer to an unpopular position, by ensuring that the reporting procedure is anonymous from the outset.
By setting up devices and systems in the company that ensure internal and external reporting channels for whistleblowers.
The reports must be submitted in such a way that the identity of the whistleblower is not revealed and that the procedure complies with national data protection legislation. In Germany, this is the General Data Protection Regulation (GDPR). Suitable systems can be any type of channel that enables the whistleblower to communicate the information to an appropriate person, such as a compliance officer or an external body tasked with receiving reports, without disclosing the identity of the whistleblower.
Disclosure would be given if it were obvious to anyone that a specific employee had submitted the report of a grievance or if this could be easily determined contrary to the provisions of the GDPR. The data of possible accused persons must also be treated with the utmost confidentiality in accordance with national data protection legislation.
The Whistleblower Directive protects the whistleblower from sanctions under employment law. The employer is prohibited from taking measures that are detrimental to the whistleblower under employment law. This also includes the prohibition of informal measures such as bullying. If the company violates this and nevertheless sanctions the whistleblower, the company itself may be subject to sanctions, for example in the form of a fine.
In accordance with the Directive, the whistleblower must receive confirmation from the investigating body within seven days that their report has been received. After a further three months at the latest, a report must be made to the reporting person (1) on the extent to which the information has been processed, (2) what measures have been taken and (3) what the outcome of these measures is.
The external body will immediately confirm receipt of the report and begin analyzing the information. The matter will then be investigated and checked for any necessary adjustments or follow-up measures. If necessary, coordination with other responsible bodies will take place, although the anonymity of the whistleblower will always be preserved. If necessary, the external reporting office will recommend personnel or systemic measures to remedy the grievance or – particularly if there is a suspicion of criminal conduct – will involve the competent investigating authorities, whereby the anonymity of the whistleblower will also be preserved in this respect.
The external reporting office is bound by professional secrecy, so that in the event of violations, the external reporting office itself would be liable to prosecution (apart from considerable consequences under professional law). The whistleblower’s data is therefore not passed on to the company. In addition, data processing must also be carried out in accordance with the applicable data protection regulations, according to which the disclosure of the whistleblower’s data to the company would be inadmissible.
No. The whistleblower must only have had reasonable grounds to believe at the time of the whistleblowing that the reported information on breaches was true and that this information fell within the scope of the Directive. If the breaches cannot subsequently be proven, this is therefore not to the detriment of the whistleblower. The Directive only denies protection in the case of deliberate or reckless false reports. In this case, the whistleblower may also face sanctions and other negative legal consequences.
No. In contrast to previous German law, the Directive has deliberately refrained from subjecting the whistleblower to a motive test. This is to avoid the whistleblower being denied protection in an unforeseeable manner because a court is subsequently of the opinion that their motives were not “honorable” enough.