Austria: The new Whistleblower Protection Act & its most important points

 

The European Whistleblower Directive of 23 October 2019 provided the framework, and on 25.2.2023 a law on the procedure and protection of indications of infringements also came into force at national level (belatedly): the Whistleblower Protection Act (HSchG).

The Whistleblower Protection Act specifies certain procedures for whistleblowing, protective provisions for whistleblowers and the prevention of unjustified suspicions.

The background to these provisions is that grievances in a professional context are usually uncovered by "insiders", i.e. persons who obtain relevant information in the course of their work. To ensure that they are not exposed to any risk when uncovering grievances and thus the willingness to "whistleblow" is increased, they are protected by certain legal mechanisms.

As far as the applicability of the provisions of the HSchG is concerned, this applies only to infringements in certain legal areas. These include public procurement, data protection, consumer protection, criminal law on corruption, environmental protection, road safety, public health, product safety and financial services, including the prevention of money laundering and terrorist financing. Companies can also voluntarily allow internal reports on other grievances (e.g. embezzlement, bullying).

The HSchG personally protects persons who have obtained information about infringements in the course of their professional activities. These include, for example, employees, applicants, trainees, members of corporate bodies and contractors.

In principle, whistleblowers are free to choose whether to contact an internal reporting office in the company (or a third party entrusted by the company, such as lawyers) or to submit an external report to the Federal Office for Corruption Prevention and Combating Corruption (BAK).

Companies with at least 50 employees and legal entities in the public sector with at least 50 employees are obliged to set up an internal reporting office. The term "company" also includes associations and non-profit organizations. The implementation of internal hotlines must meet certain requirements and can be designed as a complaint mailbox, as an online platform, as part of the intranet or as an e-mail address, telephone hotline or ombudsman's office.

The processing of personal data in all of this is subject to the provisions of the General Data Protection Regulation (GDPR), whereby the identity of the whistleblowers may not be disclosed without their consent. In addition, attention must be paid to the establishment of appropriate technical and organizational measures during implementation and certain storage and deletion obligations are specified by law.

Under labour law, the participation powers of the works council or the workforce may have to be observed when setting up an internal reporting system. Furthermore, there is special protection against retaliation measures (e.g. dismissal, discrimination, mobbing, professional disadvantages), otherwise claims for damages and administrative penalties of up to EUR 20,000 (in case of recurrence up to EUR 40,000) threaten. Reversible measures, such as termination, are legally invalid. Measures against colleagues or relatives of whistleblowers may also be inadmissible.

On the other hand, whistleblowers are only protected if they act in good faith. Anyone who knowingly reports a false report commits an administrative offence that is threatened with up to EUR 20,000 or, in the event of a repeat offence, up to EUR 40,000. Criminal offences can also be committed.

A transitional period of ten months until 17.12.2023 applies to the establishment of hotlines. For companies and public services with at least 250 employees, however, the new provisions will apply from 25.08.2023. If affected companies have not yet started with the implementation, there is an acute need for action.

 

For further information, please contact:

Johannes Paul, Lawyer

Zumtobel + Kronberger, Salzburg

e: paul@eulaw.at

t: +43 662 624500

 

#WLNadvocate #law #legal #lawfirm #article #whistleblowers #Austria #EU #dataprotection #dataprivacy #employmentlaw