Financial Institutions that are covered by Directive 2013/36/EU (Capital Requirements Directive) in relation to prudent financial management are, amongst other things, required to implement whistleblower procedures in order to address financial irregularities within their businesses.
The above Directive impacts a wide range of financial institutions and is currently the subject of a consultation in the UK. In Denmark however, their Data Protection Authority has issued instructions regarding the use of internal whistleblower processes indicating that they need to be registered with the Data Protection Authority immediately.
Many regulated organisations already have whistleblower hotlines, particularly those that are subject to SEC regulations, and to that extent are already required to register those whistleblower hotlines with Data Protection Authorities in the EU in most cases.
This new requirement in Denmark adds a further obligation in respect of registration in that a specific form is required to be used where the whistleblower program is used for reporting of violations of financial regulations.
The information we have received indicates that the deadline for submitting registrations or amendments to registrations was November 8th. However, there will still be time to come into compliance taking into account that the first of January next year is the cut-off date.
For more information please contact Robert Bond, Partner