• Whistleblowing – whistleblower protection

New corporate whistleblowing protection obligation

Businesses are vulnerable to events that damage their reputation, and business leaders are increasingly aware of the need to ensure and demonstrate corporate integrity. They also recognise that they need to be much more proactive in managing these risks than they have been to date. Each year, BDO's network produces an international survey on the risks, that drive the business world. The pandemic has shown that risk-averse companies have performed much better. Success factors included the ability to look at problems from a different perspective: openness and flexibility in processes, as well as care for employees, partners and the wider public. Loyalty, in particular, helps to weather crises of all kinds.

A secure internal communication channel and whistleblower protection are important mechanisms for responsible business. It helps to build trust in relationships, thereby fostering long-term cooperation.

Some companies or public organisations are already obliged to establish an internal whistleblowing channel. In the future, this obligation will be extended to virtually all companies and organisations (companies with more than 25 employees, the public sector, etc.). These requirements stem from the new European Directive (EU) 2019/1937 on whistleblower protection.


TIP: How to pragmatically manage the new whistleblower protection obligation


A practical step-by-step guide on how to prepare for your new duty.


What is the Whistleblower Protection Directive?

The aim of the Directive is to provide legal protection for whistleblowers who witness unethical or illegal behaviour in a company. They report damage to the public interest of which they become aware in the course of or in connection with their employment. According to the Directive, damage to the public interest is to consist in a breach of the law in predefined areas in which European Union institutions exercise their competence. These include public procurement, financial services, money laundering and terrorist financing, environmental protection and others. The Czech Whistleblower Protection Bill is already being discussed by the Chamber of Deputies. If the Parliament fails to approve the bill, the obligations related to the Directive will be enforceable in the Czech Republic in the wording of the European Directive as of 17 December 2021.

What are your obligations under it?

The new obligations do not only affect state organisations or large multinationals. All companies with 25 or more employees must set up an internal reporting system. So too must public contracting authorities, except for municipalities with up to 5,000 inhabitants. Businesses and other entities will be obliged to set up what is known as an internal reporting system, i.e. secure procedures for receiving and investigating reports. Above all, the system must keep the identity of whistleblowers confidential. You will also have to designate a person who will be responsible for receiving and investigating reports. The choice of form of reports is essentially up to the whistleblower; you must allow the whistleblower to submit reports in writing and orally. In addition to employees, contractors or job applicants can also submit reports. The whistleblower also has the right to be informed in writing of the receipt of the report within 7 days, and has the right to be informed of the findings of the investigation within 30 days.

New obligations

It will be crucial for companies and organisations to have an internal reporting system in place by the end of March next year. They will need to have a functional and secure system for receiving reports by 1 April 2022 at the latest.

The penalty for violation of the obligation under the Whistleblower Protection Act is a fine of CZK 1 million or 5% of the company's net turnover. Compliance with the principles of corporate social responsibility and good relations with key partners and the public are also increasingly important. Violating whistleblower protection obligations can discourage existing and potential partners from cooperating and damage a company's reputation.

Before you decide to implement a reporting system in your company, consider what it should do:

  • Have you chosen a solution that is secure enough?
  • Have you designated a person responsible for the operation of the system?
  • Have you determined who will have (admin) access to the system?
  • Have you ensured user confidentiality while allowing them access to feedback?
  • Have you chosen who will assess and evaluate each report?
  • Have you established appropriate procedures and metrics for assessing reports?
  • Have you instructed users on how to use the system?

Legislation that would fully cover the issue of whistleblowing has been lacking in the Czech Republic for a long time. As a result, Czech companies often deal with whistleblowing only marginally and some do not even use any internal whistleblowing system. Unlawful and unethical behaviour in the workplace damages the company's image, demotivates employees and can be very costly.

The lack of a proper reporting system means that people do not know how to report. Alternatively, they are concerned that their identity will be revealed, that they will be labelled as a whistleblower and that they face retaliation from colleagues or superiors. They may therefore consider entrusting the information to an outside party (media, police, legal counsel, administrative authority, etc.). In such a case, there is a risk of embarrassing media scandals or even legal proceedings. The reason for introducing an internal whistleblowing system should therefore not only be to comply with legislative requirements, but also to prevent unethical and unlawful conduct and to obtain regular feedback on the operation of your organisation.

Physical mailboxes or e-mail boxes are already obsolete and do not fully comply with the European Directive. That is why these traditional reporting channels are being abandoned and online solutions that meet the conditions of the new obligation are being developed. These can bring excellent results for companies.




"Companies are worried about what the new obligation will bring. The new BDO Risk Landscape confirms that those who look after their people and their environment can manage crises better. I am convinced that many businesses and owners are sympathetic to this approach, even if they may not otherwise be familiar with the EU lingo. BDO's approach is to offer pragmatic and affordable solutions. We want to support our partners to seize the opportunities and manage the risks associated with the new regulation."

Stanislav Klika



BDO solution: Ethics line

Internet applications can facilitate the operation of an internal reporting system. Today's technologies allow for the quick and easy implementation of an ethics hotline, which serves as a helpdesk or communication platform for filing reports. Our whistleblowing tool allows whistleblowers to raise concerns via a secure form. This degree of centralisation will help you to have more control over individual reports, make it easier to track deadlines and protect the personal data of whistleblowers.

Our experts will regularly report to you on potential claims and suggest an appropriate course of action.

Why choose our solution?

  • Peace of mind: Be the first to know about missteps in your company. Have things under control. Act with due care. Prevent legal, financial and reputation risks.
  • Swift and easy: The web app has a responsive design and can be accessed from a PC, phone or tablet. It's easy to use for everyone.
  • Discretion: Prevent your internal information from being disclosed to the public authorities or the police and give your employees the option of reporting solely to you.
  • Efficiency: The service is available 24/7.
  • Reliability: Our solution guarantees the highest order of protection of the whistleblower’s identity.
  • Everything under one roof: Our team of experienced internal audit and risk management advisors will help you manage the connected area of risk management, from internal guideline and process preparation to internal investigation assistance and legal advisory, including representation in potential disputes.


Choose from our solutions:


TIP: Start implementing the reporting system early. The whole process, from designing and implementing the solution, to adapting internal regulations, to communicating with employees, etc. can take several months.

Worry-free ethics line

BDO will provide you with:
▷ BDO will host the application on its cloud-based solution
▷ receive, manage, investigate and close reports
▷ provide the role of the relevant person
▷ receive reports over the phone
▷ provide admin support for the application
▷ regular updates
▷ initial user training
▷ templates for internal regulations

Ethics line with assistance

BDO will provide you with:
▷ BDO will host the application on its cloud solution
▷ set up access
▷ provide admin support for the application
▷ regular updates
▷ initial user training

Management and receipt of reports is already up to you.
However, we are happy to offer you support in investigating and closing reports according to your current needs and requirements.

Contact us

Our team of experts will be happy to help you find a suitable solution, implement the system and design a tailored service for you.

Ondřej Šnejdar

[email protected]
+420 777 312 365


Stanislav Klika

Director - Risk Advisory Services
[email protected]
+420 604 226 734

Contact number:
Souhlas se zpracováním osobních údajů:
Bez vašeho souhlasu nemůžeme zpracovat Vaše osobní údaje a vyřídit Vaši žádost (jméno, příjmení, email, telefon, společnost). Svůj souhlas můžete kdykoliv odvolat. Podrobné informace o ochraně osobních údajů a zasílání obchodních sdělení naleznete zde.
Souhlas se zasíláním obchodních sdělení:
Abychom Vám mohli zasílat aktuální informace, tipy a pozvánky na exkluzivní akce i v budoucnu, potřebujeme Váš souhlas s používáním Vašich osobních údajů (jméno, příjmení, email, telefon, společnost) k uvedenému účelu. Svůj souhlas můžete kdykoliv odvolat. Podrobné informace o ochraně osobních údajů a zasílání obchodních sdělení naleznete zde.
Enter security code:
 Security code