Home

Internal

Global

Contatto

Rödl & Partner ha prestato la propria consulenza per il perfezionamento dell'acquisizione del Gruppo italiano FGV da parte di Hettich |

In tutto il mondo

Utilizziamo cookie tecnici per personalizzare il sito web e offrire all’utente un servizio di maggior valore. Chiudendo il banner e continuando con la navigazione verranno installati nel Suo dispositivo i cookie tecnici necessari ai fini della navigazione nel Sito. L’installazione dei cookie tecnici non richiede alcun consenso da parte Sua. Ulteriori informazioni sono contenute nella nostra Cookie Policy.

Whistleblowing between European and Italian legislation: data protection and cybersecurity related aspects

In the last months, whistleblowing has been addressed by the European legislator (through the Directive 2019/1937) and – in Italy – under a data protection stand-point also by the local Supervisory Authority thus outlining the importance of whistleblowing not only for the corporate governance of companies acting as data controllers but also for the protection of rights of the data subjects that whistleblowing inevitably entails.

Based on the legal principles and on the provisions issued in Europe and by the Italian Supervisory Authority, companies adopting whistleblowing systems must bear in mind to comply with both the laws on whistleblowing and on data protection and cybersecurity.

To do so, companies acting as data controllers shall adopt the most adequate measures to protect the rights and dignities of the concerned subjects (the data subjects), designing the process and the procedures since the initial stages of implementation of the whistleblowing systems according to the principles of privacy by design and by default (extensively referred also to the labour law related aspects and the law on administrative liability of entities arising from crimes – Legislative Decree no.

231/2001 – the latter for private companies) and providing evidence in case of inspection by the Supervisory Authority so as to result not only formally and passively compliant but also concretely and actively accountable.