EU Whistleblowing Directive – Denmark 

Whistleblowers protection already in place

There were initially no Whistleblowing Systems regulations in place in Denmark.

Some whistleblowing schemes and whistleblowers protection existed only in certain specific areas, such as financial services providers and anti-money laundering.

However, regardless of the lack of regulation, many Organizations had already voluntarily implemented their own whistleblowing systems and protection schemes.

Current implementation status

Denmark passed its Whistleblower Protection Act on June 24th, 2021, making it the first EU country to transpose the Directive into national law.

New requirements 

According to the Directive, Organizations with more than 50 employees are obligated to set up internal reporting channels. Organizations that previously had a whistleblowing system voluntarily set up must update their policy to comply with the new Act, regardless of their number of employees.

Scope of Reporting

The scope of the Directive is extended with the Act and includes reports of violation of Danish law in addition to EU laws breaches.

Denmark expends the protection for any serious violations of Danish law and other serious matters, such as criminal offences, theft, fraud, embezzlement, bribery, etc. Further, the scope of the Act includes reports of sexual harassment or other severe person related conflicts at the workplace.

Reporting Processes

Whistleblowers must be able to make oral or written reports through internal reporting channels. An external reporting policy is introduced by the new Act, allowing whistleblowers to choose to directly report to the Danish Data Protection Agency and remain protected.

Global Organizations need to be careful if they decide to outsource their handling and processing of incoming reports, since third parties must be able to comply with the most extensive protection implemented by each Member State they operate in, while also meeting the Danish requirements.

Whistleblowers can also be protected if they chose to report publicly, in the case of an imminent threat or if the whistleblower believes that internal or external reporting is innefective or counterproductive.

Confidentiality and Protection 

There is no obligation for Organizations to process anonymous reports. However, it is strongly recommended for them to accept anonymous reporting in order to encourage whistleblowers to use internal reporting channels instead of external channels.

Concerning the processing of personal data, Organizations must directly refer to the GDPR or the Danish supplementary data protection law. Whistleblowing systems established outside of the scope of the Act or by Organizations with less than 50 employees are not covered by the new law.

Next steps

Make sure you’re compliant with the new requirements.
Evaluate your reporting system in place and highlight areas of improvement with our self-assessment template.