Whistleblowing schemes were introduced in the EU as a result of the Sarbanes-Oxley Act (“SOX”) adopted by the US Congress in 2002 following various corporate financial scandals. SOX requires US companies and their EU-based subsidiaries to establish “procedures for the receipt, retention and treatment of complaints received by the issuer regarding accounting, internal accounting controls or auditing matters [and] the confidential, anonymous submission by employees of the issuer of concerns regarding questionable accounting of auditing matters.1”  The implementation of whistleblowing schemes will, in most cases, lead to the collection, processing and transfer of personal data (e.g., name of the accused person) which raises data privacy concerns . . .

WhistleblowingintheEU