The Whistleblower Protection Act[1] was published on 24 June 2024 and will come into force after three months, i.e. on 25 September 2024.[2] Companies should start preparing now to implement an appropriate procedure for receiving whistleblowing reports.
Purpose
The Act implements EU legislation on the protection of whistleblowers into Polish law.[3]
Who is covered
- Whistleblowing procedures should be put in place by any entity with at least 50 workers[4] (as at 1 January or 1 July of the relevant year)
- This includes full-time equivalent employees or persons who perform work for remuneration on a basis other than employment, if the entity does not employ other persons, regardless of the basis of the relationship
What can be reported
- A whistleblower may report breaches of the law, i.e. acts or omissions that are unlawful or intended to circumvent the law, in areas including but not limited to:
- Corruption, public procurement, financial services, products and markets, prevention of money laundering and terrorist financing, product safety and compliance, transport safety, environmental protection, food and feed safety, animal health and welfare, public health, consumer protection, protection of privacy and personal data, security of ITC networks and systems, constitutional human and civil rights and freedoms
Can companies expand the list of breaches
- Yes, by adding the possibility of reporting violations of their internal rules or ethical standards
- When the Act was being drafted, labour issues were removed from the list of breaches that can be reported by whistleblowers. However, employers are free to expand the statutory list of breaches to include labour issues
Who is a whistleblower
A whistleblower is a natural person who reports or publicly discloses information on a breach of the law acquired in a work-related context, including: an employee, a temporary employee, a person working on a basis other than employment, including under a civil law contract, an entrepreneur, a holder of commercial power of attorney (Polish: prokurent), a shareholder or partner, a person working under the supervision and direction of a contractor, subcontractor or supplier, an intern, a volunteer, an apprentice.
Whistleblower protection
- Retaliation against a whistleblower, as well as attempts or threats to do so, are prohibited
- The Act contains an illustrative list of retaliatory actions
- In the event of a dispute, it is the employer who must prove that the action taken against the whistleblower was not retaliatory
- The retaliated whistleblower may claim compensatory damages (not less than the average monthly salary) or damages for pain and suffering
- The whistleblower is protected provided that they had reasonable grounds to believe that the information they reported was true and that it signalled a breach of the law
Liability of whistleblowers
Anyone who has suffered damage as a result of a whistleblower knowingly reporting or publicly disclosing false information is entitled to compensatory damages or damages for pain and suffering from the whistleblower.
Obligations of companies
- Establish the internal reporting procedure
- Consult with trade unions or workers’ representatives (if there are no trade unions) on the procedure
- Publish the procedure (the procedure takes effect 7 days after publication)
- Establish the means by which whistleblowers can report breaches (reporting channels)
- Designate a unit/person authorised to receive reports
- Designate a unit/person authorised to follow up on reports
- Acknowledge receipt of the report – within 7 days of receipt
- Provide feedback to the whistleblower – within a maximum of 3 months
- Ensure protection of personal data, appropriate data processing authorisations and privacy notices
- Keep a record of the reports
- Retain personal data and information in the record of reports for a period of 3 years after the end of the calendar year in which the follow-up was completed
Anonymous reporting
Anonymous reporting is acceptable – as long as it is allowed by the internal reporting procedure.
Penalties
It is a criminal offence to prevent or substantially hinder a whistleblower from making a report, to retaliate against a whistleblower, a facilitator or a person connected with a whistleblower, to disclose the identity of the aforementioned persons, or to fail to establish an internal reporting procedure.
Practical challenges
- When implementing the Whistleblower Protection Act in an organisation, the following should be considered:
- Selecting employee representatives for the purposes of introducing the procedure
- Aligning internal procedures (including compliance, anti-corruption, anti-bullying, etc.)
- Aligning local whistleblowing procedures with group policies
- Selecting reporting channels appropriate to the needs of the business
- Designating individuals or departments responsible for receiving and handling whistleblower reports
- Possibility of using external service providers to organise the receipt of reports
- Possibility of using shared resources within the group
Questions? Contact us
[1] The Whistleblower Protection Act of 14 June 2024 (Journal of Laws of 2024, item 928)
[2] Certain provisions, in particular those relating to external reporting, will enter into force on 25 December 2024.
[3] Directive (EU) 2019/1937 of the European Parliament and of the Council of 23 October 2019 on the protection of persons who report breaches of Union law
[4] The rules on internal reporting apply to certain entities regardless of the number of employees (e.g. entities operating in the fields of financial services, products and markets and prevention of money laundering and terrorist financing, transport safety and environmental protection)