Whistleblowing and personal data protection: employer responsibilities

The term “Whistleblowing” refers to the practice of reporting illicit acts or irregularities within an organization. The new legislation applies to all entities, both public and private, with at least 50 employees, regardless of whether they have implemented the compliance model outlined in Legislative Decree No. 231/2001.

The main distinction among the various entities subject to the new provisions concerns the effective date: for private organizations with at least 249 employees in the previous year and for entities operating in the public sector, the legislation became effective on July 15, 2023. For all other entities, the deadline was set for December 17, 2023.

To establish an effective reporting procedure, organizations must adopt a series of measures, both internal and external, for managing reports. This process includes establishing an organizational structure dedicated to report management, following consultation with union representatives as stipulated in Article 51 of Legislative Decree No. 81/2015. The reporting system must ensure the confidentiality of the whistleblower through the implementation of specific measures and demonstrate the fairness of the process. The legislation recognizes the whistleblower’s right to address the Italian National Anticorruption Authority (ANAC) if the initial report does not receive the appropriate attention from the organization, in addition to other opt...