It follows from the Whistleblowing Directive that possible internal reporting offices could be, for example, the compliance officer or the data protection officer, i.e. employees who already have a dual function. However, this also means that the respective employer remains responsible within the meaning of the GDPR and must also design the whistleblower system itself. It is therefore advantageous to “outsource” e.g. to a law firm as a trusted lawyer or ombudsman: This acts as its own and independent responsible party and can already carry out a legally sound preliminary assessment of the report in the event of a report.
However, the ombudsman does not act as a lawyer for the whistleblower. Otherwise, there is a risk of a violation of the law on the profession of lawyer, because according to § 43a para. 4 BRAO and § 3 BORA, a lawyer may not advise two parties in the same case in conflicting interest. So, it’s all a matter of the right contractual protection right at the beginning.
For further information, please contact:
Diane Frank, Partner
SCHMID FRANK, Augsburg
e: ed.knarf-dimhcs@knarf.enaid
t: +49 (0)1578 90 333 60
#WLNadvocate #Germany #ITlaw #techlaw #technologylaw #legal #lawfirm #network #whistleblower #companylaw #dataprotection #dataprivacy