Key Takeaways

Legal and Compliance Foundations:
The session led by Jaroslava Kracunova (Czech Republic) emphasized the need to align whistleblowing systems with both local and EU-wide data protection requirements. Companies must carefully define the scope and purpose of data processing, update privacy policies, and review their data retention rules to remain compliant.

Security and Confidentiality Measures:
Silvia Axinescu (Romania) underlined critical strategies for safeguarding whistleblowing systems, including establishing secure reporting channels, protecting whistleblowers’ identity, and embedding whistleblowing procedures into existing data protection frameworks.

Balancing Rights and Responsibilities:
Pavol Szabo (Slovakia) discussed the delicate balance between employee privacy rights and employers' duty to investigate misconduct. He explained several legal factors which were established by the case law of the European Court of Human Rights, which must be considered by the organizations to conduct lawful and proportionate internal investigations.

DPO and Whistleblowing Officer Roles:
Irena Koleva (Bulgaria) explored the advantages and potential risks of consolidating the roles of the Data Protection Officer (DPO) and the Whistleblowing Officer. While some jurisdictions permit this dual role, companies must remain vigilant about conflicts of interest and ensure both roles are properly resourced.

Global vs. Local Implementation Challenges:
Sabina Carbol-Majnusz (Poland) addressed the complexities of implementing global whistleblowing systems at the local level, stressing the importance of adapting to national laws and managing the possibility or a ban of cross-border information sharing carefully within multinational organizations.

Together, all our speakers offered valuable perspectives on the evolving compliance landscape and the interplay between whistleblowing and data privacy laws across the region.

Practical Implications for Businesses

Companies operating in Central Europe must navigate several key challenges:

• Designing whistleblowing policies that align with both national and EU regulations
• Implementing robust security measures to ensure confidentiality and protect whistleblowers
• Conducting proportionate internal investigations while balancing the rights of individuals with the rights of the organization (employer)
• Addressing the challenges of deploying group-wide whistleblowing frameworks across multiple jurisdictions
• Carefully evaluating the consolidation of DPO and Whistleblowing Officer responsibilities

How Deloitte Can Help

Navigating whistleblowing and data privacy requirements is complex. Whether you’re establishing a new whistleblowing system, tailoring global policies to local standards, or ensuring your internal investigations comply with applicable law, Deloitte’s team of legal experts across Central Europe is here to support you.

If you missed the webinar or have specific questions about compliance in your jurisdiction, we invite you to connect with us. Our specialists are ready to offer tailored advice and practical solutions to help your organization foster a culture of ethical reporting—while staying compliant.

Contact us today to move forward with confidence.

Jaroslava Kracunova,
Partner
Deloitte Legal Czech Republic
jkracunova@deloittece.com

Sabina Carbol-Majnusz,
Senior Managing Associate
Deloitte Legal Poland
scarbolmajnusz@deloittece.com

Pavol Szabo,
Senior Managing Associate
Deloitte Legal Slovakia
pszabo@deloittece.com

Silvia Maria Axinescu,
Senior Managing Associate
Reff & Associates|Deloitte Legal Romania
maxinescu@reff-associates.ro

Irena Koleva,
Senior Associate
Deloitte Legal Bulgaria
ikoleva@deloittece.com