Act on Protection of Whistleblowers approved

In view of this approval, only the signing by the President of the Czech Republic and then the publication of the law in the Collection of Laws now remain to be accomplished in the course of the month of June, so that the new Act on Protection of Whistleblowers can be expected to come into force on 1 August.

For most companies in the Czech Republic, this is very important news, as every employer with 50 or more employees will become a so-called obligated entity when this law takes effect and will have to implement an internal  reporting system (whistleblowing system) and adopt its own whistleblower protection measures. Only in the case of obliged entities with more than 50 but less than 249 employees will it be possible to take advantage of an extended time period for the introduction of an internal whistleblowing system, they will have until 15 December 2023 to comply.  

With this in mind, now is the time to prepare for the legal obligations introduced by the new law, as the introduction of an internal reporting system entails a number of organisational, legal and technical requirements that companies will need to comply with. 

Companies with 50 or more employees, as well as other obligated entities, are required by the new law to establish and operate an internal reporting system. This internal reporting system must enable employees and certain other groups of potential whistleblowers to report internal corporate unlawful misconduct of which they become aware in a so-called work context, that is, in connection with their work or similar activities for the obligated entity.

As regards the methods of reporting (i.e. whistleblowing), the obligated entity must set up its internal reporting system in such a way that the whistleblower can report orally, in writing (including by electronic data message) and, if requested by the whistleblower, in person. However, it must be taken into account that at all times and in all circumstances the confidentiality and secrecy of the identity of the whistleblower and other persons affected, as well as the confidentiality of the information which is the subject of the reporting, must be ensured by the obligated entity within the internal reporting system.

In addition to this organisational and technical aspect of the internal reporting system, an obligated company must designate a competent person or several competent persons who, within the framework of the system set up, will be exclusively authorised to receive notifications and assess whether the notifications are justified. This will then have an impact on whether the competent person will inform the whistleblower that his/her notification is unfounded and therefore 'shelve' the notification, or whether he/she will assess it as substantiated and submit a proposal to the management of the company to take appropriate measures to prevent or remedy the unlawful misconduct.   

However, there are also a number of other obligations associated with the operation of the internal reporting system, in particular information obligations towards employees and other potential whistleblowers, both in terms of the Act on the Protection of Whistleblowers and the obligations of a data controller under the General Data Protection Regulation (GDPR).   

Failure to comply with the obligations under the Act on the Protection of Whistleblowers is treated as an offence on the part of the obliged entity, for which a fine of up to CZK 1,000,000 may be imposed.  

If you have any questions about the new whistleblower protection legislation, or if you are interested in our services with regard to implementing an internal whistleblowing system, please do not hesitate to contact us.