Following the general introduction, let us look at what you need to do under the new Act if you need to set up or, if you have previously operated a similar system, possibly update the whistleblowing system in your organisation.
First of all, let us look at what the new Act considers to be an abuse?
Information about any illegal or suspected illegal act or omission or other abuse can be reported through the whistleblowing system. The Hungarian definition therefore goes well beyond the Whistleblowing Directive, as it provides for a much wider range of reporting possibilities (including in the case of violations of the values set out in the organisation's Code of Ethics).
Who can make a report in the whistleblowing system and how?
Not only the employees of the organisation concerned may also notify, but also those whose employment relationship with the organisation has ended or whose procedure for establishing that relationship has already started (e.g. also persons applying for a job). It should also be borne in mind that partners who have a contractual relationship with the organisation, as well as trainees and volunteers working for the employer, also have the possibility to make a report.
However, an interesting question is whether it is possible to report anonymously. Under the new Act, it is possible, but in this case the organisation may choose not to investigate the complaint. However, organisations may of course decide at their own discretion to investigate anonymous reports on the basis of the content of the reports, as this will obviously increase the trust of the whistleblowers in the system and thus the transparency and efficiency of the system within the organisation.
Otherwise, the report can be made orally or in writing. It may also be made orally by telephone or in person, in which case a record must be made about the report. In writing, a report may be made, for example, by using a dedicated e-mail address, by sending a letter by post or by using a dedicated computer system.
The internal investigation
Under the new Act, you must design the whistleblowing system in such a way that the whistleblower's anonymity is preserved throughout the internal investigation. The protection of their personal data will therefore be one of the most important fundamental obligations for system operators. Accordingly, the identity of the whistleblower may, for example, be known only to the mandated whistleblower protection lawyer, who will in any case have to anonymise the whistleblowing report transmitted to the system operators.
Within 7 days of receipt of the report, the system operator must send the whistleblower an acknowledgement of the report and provide him/her with general information on the procedure and the privacy rules. This contacting and informing task may also be the responsibility of the mandated whistleblower protection lawyer.
Once the information has been sent to the whistleblower, the system operator has 30 days (3 months in justified cases) to carry out an investigation. This may be done with the assistance of a whistleblower protection lawyer or other external organisations. The result of the investigation or the reasons for not investigating will be communicated to the whistleblower in writing by the system operator (or, where appropriate, the whistleblower protection lawyer).
Sanctions
Organisations should establish effective and independent reporting mechanisms and procedures, and appoint trusted individuals to be responsible for conducting investigations, including outsiders to increase trust. They should also protect the identity of whistleblowers. This is why, to deter potential retaliation, both EU and Hungarian legislation hold accountable those who try to harm whistleblowers. If whistleblowers experience "retaliation" in connection with their whistleblowing, they can seek redress and will be entitled to compensation for the harm they have suffered.
It is also interesting to note that the entry into force of the new Act has also resulted in the introduction of new sanctions against natural persons who obstruct the filing of these reports. The amendment to Act II of 2012 on infringements, infringement procedures and the system for registering infringements (Infringements Act), which entered into force on 24 July 2023, introduced in Section 206/A the offence of persecution of a whistleblower. Thus, according to the Infringements Act, a person commits a misdemeanour if he takes an adverse action against a whistleblower or if he obstructs or attempts to obstruct the filing of a whistleblower report. In this context, even the head of an organisation may be held liable for an offence if he or she fails to establish or operate a whistleblowing system.
In addition, employment monitoring bodies will be empowered to take action and carry out inspections in the event of non-compliance with the obligations of organisations to whistleblowing.
The protection of the personal data of whistleblowers is also of paramount importance in the course of investigations, which is not only subject to the provisions of the new Act, but also to the GDPR rules. Thus, NAIH will have the power to act when investigating personal data protection cases and if organisations breach their obligations under the GDPR, NAIH may impose data protection fines on them.
Of course, in addition to sanctions, the effectiveness and enforcement of whistleblowing systems in practice will also depend on the internal organisational culture of the system operators. An interesting question might be, what sanctions, if any, the operators of such schemes define in their internal rules in case, for example, an employee repeteadly makes a whistleblowing allegation against his/her colleagues without any basis in fact. In my view, an employer - in addition to issuing a warning - may decide to terminate the employment of an employee who is found to have made regularly and unlawfully whistleblowing complaints in bad faith, thereby exempting the employer from the provisions - aiming to protect the rights of whistleblowers - of the new Act.
If you have any questions on this topic or need advice on how to set up a whistleblowing system, or if you need the assistance of a whistleblower protection lawyer, please do not hesitate to contact me.
To book an appointment, please contact me through e-mail at drtothfanni@gmail.com or via phone on the following number: +36 30 569 7183.
Comments