Transpose of the Whistleblower directive in Bulgaria
What is whistleblowing?
The term “whistleblowing” describes the process of reporting breaches of law in companies, organizations, and state administrations. To protect the said reporting, a Policy for the protection of the reporting persons (the so-called whistleblowers) was adopted. The European Parliament and Council adopted the Directive (EU) 2019/1937 of the European Parliament and of the Council on 23 October 2019 on the protection of persons who report breaches of Union law (“the Directive”), to materialize and ensure adequate protection through national legislations.
All member states of the European Union (including Bulgaria) are obliged to transpose the Directive. The deadline was and the Bulgarian legislator is currently delayed. As a result, the European Commission issued a motivated statement on concerning this violation of the deadline, according to which will be undertaken certain measures.
Bill for the law on the protection of persons, who report or publicly disclose breaches of the law
On the Bill for the Law on the protection of persons, who report or publicly disclose breaches of the law was published in the Bulgarian Portal for public consultations. The public consultation ended on and currently, the bill is yet to be brought in Parliament in order to be put to vote.
Who does the directive and the new bill affect?
The Bill provides certain obligation both for the employers in the public and the private sector. The employers in the private sector include all employers with more than 50 employees (personal range). The Directive provides a transitional period, in which the said obligation will affect the employers with 50 to 249 employees later in time (in order to ensure proper reaction). The Bulgarian bill does not provide such transitional period and in the event of its acceptance from Parliament all employers with more than 50 employees, including those with less than 249 employees, will have to adhere to these obligations.
A whistleblower receives protection in case of reports or public disclosure for breaches of certain areas both in Bulgarian and Union law (material range). Therefore, the abovementioned employer has to work in those said areas for the obligation to ensure protection to apply to him. Those areas are:
- public procurement;
- financial services, products and markets, and prevention of money laundering and terrorist financing;
- product safety and compliance;
- transport safety;
- protection of the environment;
- radiation protection and nuclear safety;
- food and feed safety, animal health and welfare;
- public health;
- consumer protection;
- protection of privacy and personal data, and security of network and information systems;
Which are the protected persons? – whistleblowers
The protected persons are divided into two. The first ones are the people who report or publicly disclose breaches. Among them are persons working for the employer (no matter the reason for that), and also the persons whose employment contracts are terminated, interns (even those working for free), candidates, suppliers, subcontractors, etc. The others are all the persons connected with the first ones.
What are the employer’s obligations?
As we already said, the Directive and the bill provide a certain obligation for the employers, the fulfillment of which ensure the needed protection for the whistleblowers, as follows:
- Internal reporting channels
- The employers have to establish entirely internal reporting channels and point to a certain employee or division as a “Reporting administrator” who will accept, administrate and follow up on all reports.
- The companies have to inform all employees about the possibilities and order to report breaches, which information has to be clear and easily accessed. This could be fulfilled easily with instructions through which the employer familiarizes the employees with their right to make written, verbal, and even anonymous reports for breaches. The employer also has to ensure their protection.
- Reaction (checkup)
- The employer has to ensure that each report is examined. Each report has to be written in the Reports registry maintained by the employer. The administrator could enact certain measures to prevent or stop the reported breach and also approach the competent authorities. At the same time, the company has to ensure that no reaction will follow against the whistleblower (suspension, lay-off, demotion, early termination or cancellation of contract, etc.).
- Each report has to be treated as confidential information, and both the confidentiality of the very information and the whistleblower’s personality has to be guaranteed. GDPR rules – Regulation (EU) 2016/679 of the European Parliament and of the Council and the Act on the protection of personal data entirely apply.
The Bill provides that when a person reports or publicly discloses breaches according to these regulations and the very information is in fact trade secret, the report will be considered lawful according to the Act on the protection of trade secrets. Thus, the acquirement, usage and disclosure of trade secrets would not be prohibited. Therefore, the companies won’t be able to claim any compensation for the disclosure of trade secrets, and to stop or forbid the usage and disclosure of information etc. This puts the business in a vulnerable state, which is not protected in any way.
Is there anything to do at this point?
Currently the transpose of the Directive is at its bill phase, which bill is yet to be brought in the Parliament. Considering the period of time from the end of the public consultations to now, the bill might suffer some changes hopefully.
In case though that the bill is approved in its current state, it would be best all companies to check if the material and personal range of the bill and Directive includes them. Then, even if the company already has some kind of system for such reports, the company has to ensure that system adheres to all of the above mentioned requirements. In case there isn’t any system, the experts suggest that the best reporting systems are web-based platforms. That way is easier to ensure the needed confidentiality. In each case, the preparation has to start now, so when the new act is approved and published the required changes would be swiftly made.
This article is up to and aims to outline the legislation on the matter. The content set out in this article is not legal advice, and we advise anyone not to make a commercial decision based solely on the information in it, without any qualified legal aid. For more information and assistance on legal matters about online trading you could contact us on the following e-mail: firstname.lastname@example.org.