- Anti-Corruption Helpdesk
- The impact of the General Data Protection Regulation on whistleblowing
The impact of the General Data Protection Regulation on whistleblowing
This Anti-Corruption Helpdesk brief was produced in response to a query from one of Transparency International’s national chapters. The Anti-Corruption Helpdesk is operated by Transparency International and funded by the European Union.
We are looking for an analysis of the potential impact of the new General Data Protection Regulation on:
- the right to confidentiality or anonymity of whistleblowers
- the responsibility of employers, regulators or service providers (including Transparency International’s Advocacy and Legal Advice Centres) to manage data shared by whistleblowers
- the right of accused/respondents to be notified of any data and obtain data held on them that is shared by whistleblowers about them
- Decoding the GDPR
- Impact of the GDPR on whistleblowing
The EU General Data Protection Regulation (GDPR) will come into force on 25 May 2018. It offers the most ambitious and far-reaching changes to data protection laws in Europe in the last 20 years, and has a truly global impact as any organisation in the world which sells to European companies, or receives data from EU citizens will be affected (Evans et al. 2016; Gross 2016).
With the objective of protecting the personal data of EU citizens, the resolution clearly outlines the meaning of personal data and consent, as well as highlighting the rights of individuals and the obligations on part of organisations that process personal data (Evans et al. 2016; White & Case 2016; EU GDPR Portal 2018; ICO 2018).
Whistleblowing (reporting of wrongdoing) is widely recognised for playing a crucial role in exposing corruption (Transparency International 2013). While the GDPR puts the whistleblower in a much stronger position and affords them more authority over their own data, there remain challenges such as the protection of the whistleblower’s identity if the accused in the report demands access to their personal information recorded in the whistleblower’s report. The GDPR will mean that whistleblowing processes need to change to ensure that the reporter is more informed and the potential for significant data breaches is reduced. This change is viewed by some as a positive development for both organisations handling personal data and for whistleblowers (Expolink 2017).
Kaunain Rahman, [email protected]
Marie Terracol and Matthew Jenkins, Transparency International