Publication date: October 25, 2024
The Whistleblower Protection Act of 14 June 2024 is a key element of the Polish legal system, aimed at protecting people reporting irregularities in the workplace (Article 4 of the Act – definition of a whistleblower). The provisions of this legal act focus primarily on ensuring effective internal reporting mechanisms, which aims to build a culture of compliance with the law in organizations. The Act sets out obligations for employers and gives whistleblowers specific tools to defend their rights. This analysis focuses on key aspects of the Act, such as reporting procedures, whistleblower protection and the impact of the Act on employee-employer relations.
The basic assumption of the Act is to ensure that employers create safe channels for reporting violations. According to Article 23 of the Act, employers employing at least 50 people are required to establish an internal procedure for reporting violations of the law. This provision also covers people employed under civil law contracts, which significantly expands the scope of entities covered by whistleblower protection.
Article 10 of the Whistleblower Protection Act specifies that its provisions apply to the extent not regulated by European Union legal acts listed in the annex to Directive 2019/1937. Furthermore, the Act does not exclude the application of other provisions that provide for specific procedures for reporting violations of the law, including the possibility of reporting such violations anonymously (they can be reported both to a legal entity, to the Commissioner for Human Rights and to public authorities).
However, the provisions of this Act do not apply to information covered by the provisions on the protection of classified information and information whose disclosure is prohibited for reasons of public security; relating to professional secrecy (medical and legal); the secrecy of judicial deliberations, or criminal proceedings at the preparatory stage and closed court hearings.
In addition, the Act does not apply to public procurement related to defence and security and to the activities of secret services related to national security (Article 5).
The Whistleblower Protection Act requires employers to implement procedures for reporting violations of the law. According to Article 23, employers who employ at least 50 employees are obliged to introduce an internal procedure for reporting violations. This obligation also applies to certain entities, regardless of the number of employees, if they operate in certain sectors, such as financial markets or transport security. The procedure must be established in consultation with employee representatives or trade unions (Article 24, paragraph 3). Article 24 specifies that the internal reporting procedure must be clear and accessible to employees, and also provide for the protection of whistleblower confidentiality. The procedure comes into effect after it is announced in the company, and the employer is obliged to inform recruits about it.
If the person responsible for establishing an internal reporting procedure fails to establish it or establishes it in material breach of statutory requirements, he or she will be subject to a fine (Article 58).
According to Article 25 of the Act, the internal reporting procedure must meet specific requirements. First of all, the employer must designate a unit responsible for receiving reports – this may be an internal organizational unit or an external entity that ensures impartiality and confidentiality of reports (Article 25, paragraph 1, point 1). Whistleblowers must be able to report violations in writing, orally, and also through other means of communication, e.g. by phone or e-mail (Article 26, paragraphs 1 and 2).
The unit responsible for receiving reports (Article 25, paragraph 1, point 1) must act independently and ensure the impartiality of the entire process. This is crucial to ensure that reports are dealt with fairly and objectively, without affecting who is involved in the reporting process.
Each report must be confirmed within 7 days, and the whistleblower should receive information about the actions taken within no more than 3 months (Article 25, Section 1, Points 5 and 7). According to Article 27 of the Act, the employer is obliged to protect the identity of the whistleblower and the personal data of all persons involved in the reporting process, and only persons with written authorisation from the legal entity may be allowed to receive the reports themselves. Confidentiality of data must be maintained throughout the reporting procedure, and even after the termination of the employment relationship or other legal relationship under which they performed this work, as the Act also protects persons employed under civil law contracts.
The whistleblower’s personal data that will allow for establishing his/her identity are not subject to disclosure to unauthorized persons, unless with the whistleblower’s express consent. An exception to this rule is when their disclosure is necessary in connection with explanatory/preparatory/judicial proceedings, including in order to guarantee the right to defense of the person concerned by the report (Article 8).
The whistleblower must of course be informed of this in advance and the reasons for disclosing his or her data must be explained (unless notifying him or her could jeopardise the proceedings).
Article 29 of the Act requires employers to keep a register of reports. This register contains detailed information on each report, such as the report number, the subject of the violation and a description of the follow-up action taken. This data must be kept for at least 3 years after the investigation has been completed. This register has a control function and ensures that all reports are properly monitored.
The Whistleblower Protection Act regulates not only the process of reporting violations, but also other aspects of the relationship between the employee and the employer. In particular, Chapter 2 of the Act refers to the protection of whistleblowers against retaliatory actions. According to Article 12, whistleblowers are protected against repression, such as dismissal, reduction of salary or discrimination. The employer bears the burden of proof if the actions taken by him are suspected of being retaliatory in nature (Article 12, paragraph 3).
Article 14 of the Act provides for the possibility of whistleblowers seeking compensation in the event that they have been subjected to retaliatory actions. The Act guarantees whistleblowers the right to compensation, which must amount to at least the average monthly salary in the national economy, and in some cases may be higher.
The rights to which a whistleblower is entitled under Chapter 2 of the Act are inalienable – they cannot be waived or liable for damage caused as a result of their reporting or public disclosure, which of course does not apply to situations in which a whistleblower knowingly reports or publicly discloses false information.
In accordance with the Act and the Labour Code and the principle of employee privilege contained therein, provisions of employment contracts and other acts on the basis of which an employment relationship is established or which shape the rights and obligations of the parties to the extent to which they directly or indirectly exclude or limit the right to make a report or public disclosure or provide for the application of retaliatory measures are invalid.
Chapter 6 of the Act, in turn, provides for criminal sanctions that may be imposed on persons who prevent a whistleblower from making a report, take retaliatory action, or reveal the identity of a whistleblower in violation of the Act – this may be punishable by imprisonment for up to 3 years, and for disclosing the identity by a fine, restriction of liberty or imprisonment for up to one year.
However, it should also be taken into account that whistleblowers will not always act honestly – this has been taken into account in Article 15 of the Act, which provides for the right to compensation or redress for a person who has suffered damage due to the conscious reporting / public disclosure of false information by a whistleblower.
The non-compliance reporting policy should specify what violations can be reported and what the procedures are after they are reported. Reports may concern violations of national and EU law, as well as internal regulations in force in the organization. Article 7 of the Act provides for the possibility of anonymous reporting, which was already mentioned earlier, but a whistleblower who decides to reveal his or her identity is guaranteed protection against retaliatory actions (Article 7, paragraph 2).
An employer who implements an internal reporting procedure should include the possibility of various forms of reporting, such as oral, written, electronic or anonymous reports. Regardless of the form of the report, the employer is obliged to take follow-up actions, including conducting an internal investigation and informing the whistleblower of the results of the actions.
The Whistleblower Protection Act of 2024 introduces modern standards of protection for employees reporting irregularities in Poland. Effective implementation of internal reporting procedures, ensuring confidentiality and protection against retaliatory actions are the foundations that support transparency and honesty in organizations. The provisions of the Act are intended not only to protect whistleblowers, but also to build trust in relations between employers and employees. An appropriate non-compliance reporting policy, based on the principles of impartiality and confidentiality, supports the formation of responsible workplaces in which high legal and ethical standards are observed.