Ensuring the privacy and security of personal data is one of the key areas that have been protected by Directive (EU) 2019/1937 of the European Parliament and of the Council. It is in these areas that Whistleblowers can report violations or irregularities they witness directly or indirectly.
What is privacy protection?
Nowadays, all kinds of information a very valuable currency. Many companies, government institutions, or organizations collect data during user activities, when they configure their online accounts, make purchases via the Internet, register on websites, take part in surveys, download free applications or browse platforms. The issue of privacy protection and data security is so important because the information that falls into the wrong hands can have very negative consequences.
Privacy is the right of an individual to live his own life according to his will, keeping to a minimum any external interference. It is also an intrinsic, natural, and permanent good.
The activity of Whistleblowers in this area is important because they can help in disclosing violations of the 2016 directive on network and information security, and due to the provisions of 2019, they are legally protected against possible retaliation. Any irregularities in the field of privacy and security should be reported using a specially created for this purpose internal reporting channel in the organization. The system that allows for signaling violations and has many useful functionalities is Whistleblower.
Directive (EU) 2016/1148 ofthe European Parliament and the Council (19) requires the reporting of incidents that do not involve a personal data breach and a security requirement for entities operating in the energy, health, transport, and banking sectors. Moreover, requirements have also been defined for providers of key digital services, including those processed in the cloud, and for suppliers of basic utilities, which include water, electricity, and gas.
Which privacy laws are included in the Whistleblower Protection Directive?
The Whistleblower Protection Directive was created to provide legal protection to those who directly or indirectly witness violations and feel obliged to report them without fear of repercussions. The directive of October 23, 2019 lists the following legal acts that mention the protection of privacy and security of network and information systems:
- Directive on the processing of personal data and the protection of privacy in the electronic communications sector.
- Regulation on the protection of individuals concerning the processing of personal data and on the free movement of such data.
- Directive on measures for a high common level of security of network and information systems across the European Union.
In conclusion, the protection of privacy and security control on the Internet is extremely important, and any irregularities occurring in this area should be immediately reported, as breaches could have a negative impact on digital services and key areas of economic and social activity. Reporting of irregularities, therefore, aims to ensure the continuity of the provision of services that are essential for the functioning of the internal market and society as a whole. If data or information is shared with inappropriate people, the organization can suffer very costly consequences. Whistleblower is the system for receiving and handling incidents, fully compliant with the requirements of the directive and ensuring the protection of the confidentiality of the identity of persons reporting violations.