Large and medium-sized companies, as well as local governments, face the necessity of implementing procedures to protect whistleblowers – employees who wish to report irregularities in the workplace. On the one hand, they must have guaranteed anonymity and be protected from potential retaliation from their superiors. On the other hand, the law penalizes false accusations, made for example out of a desire for revenge. Also, the lack of appropriate procedures on the part of the employer will be subject to punishment.
The Act on the protection of whistleblowers was signed by the President at the end of June 2024, and will come into force on September 25, 2024. It introduces new standards in reporting legal violations in Poland. Its goal is to provide an effective and safe system for individuals who wish to report violations or irregularities in their workplace, ie whistleblowers. These regulations implement Directive (EU) 2019/1937 of the European Parliament and the Council of the EU of October 23, 2019, into Polish law.
“The new regulations will cover entities for whom at least 50 people are employed. This refers to people employed under an employment contract, but also for example under civil contracts. This is the first group that will have to implement the new regulations,” says Sylwia Werpachowska, a legal advisor from the ChaÅ‚as and Partners Law Firm, to the Newseria Biznes news agency. “The next group is all public sector units, with the small exception of municipalities and counties with less than 10,000 inhabitants. I should add that entities that employ fewer than 50 people, as well as municipalities or counties with fewer than 10,000 inhabitants, do not have to, but can voluntarily implement the new regulations.”
A whistleblower is an individual who reports a breach of the law that they learned about in a work-related context. This could be an employee, a collaborator (B2B contracts), a partner, company’s body member, an intern, or a trainee. The whistleblower can report observed actions or omissions contrary to law or aimed at avoiding the law. Violations may concern, for example, corruption, public procurement, services and products, combating money laundering, environmental protection, consumer protection, privacy and personal data protection, and constitutional freedoms and human rights. The employer can broaden this catalogue in their internal reporting policies by adding guidelines from their internal policies.
The Act imposes new duties on employers and local governments. First and foremost, they must create safe channels for reporting irregularities, allowing whistleblowers to make anonymous reports and develop and adopt internal procedures for reporting legal violations. Their duties will include ensuring the protection of whistleblowers from reprisals and retaliatory actions such as dismissal, lowering of salaries, withholding promotion, intimidation, or bullying. Employers will also need to provide employee training.
“These are internal procedures, because some of the regulations that will come into effect in December 2024 will relate to so-called external reporting. The Ombudsman will be overseeing this procedure,” the expert adds.
The whistleblower must receive a confirmation of receipt of the report within seven days, and the employer is obliged to keep a register of reports in which all reports and actions taken in response to them are documented. A key issue is taking corrective action in response to the reports made by whistleblowers and informing workers about the results of the conducted investigation. Another issue is to ensure the confidentiality of the reports, including the identity of the whistleblower and the content of the report.
“Preparing the procedures is one thing, but equally important is their appropriate implementation. There are only a few weeks left until the Act comes into force, as it takes effect on September 25, 2024. I believe that implementing the new regulations may be a challenge for many entities. Therefore, it is very important to prepare for the changes in advance, this will certainly not only minimize stress but also the costs associated with it,” Sylwia Werpachowska advises.
Preparing to implement the new regulations may require adapting the IT systems used by the employer, consulting with information security and data protection specialists, training people who will coordinate the entire process and receive reports, and consulting with union organizations.
A failure of the employer to adapt to the requirements of the new Act may entail criminal liability. According to Article 58 of the Act, the person responsible for establishing the internal reporting procedure, who fails to establish it or establishes it with significant violation of the requirements resulting from the Act, will be subject to a fine. In addition, a person who prevents or significantly hinders the making of a report is liable to a fine, restriction or deprivation of liberty for one year.
“Punitive actions, such as bullying or depriving a whistleblower the possibility of promotion or bonus, may be liable to not only a fine but also a restriction of freedom and a prison sentence of up to two years,” points out the lawyer from the ChaÅ‚as and Partners Law Firm. “I’ll add that these penalties work both ways. If a whistleblower reports, for example, out of a desire for revenge, certain violations that turn out to be false, then he also faces a fine, restriction of freedom and imprisonment for up to two years.“