Whistleblowing policy: Does your organisation need one?

what is a whistleblower?

Do you need a whistleblowing policy in your organisation? Laws surrounding whistleblowing have recently changed, mandating it for companies of many sizes in the European Union. Truth be told, the UK isn't far behind.

In this article, we offer the definitive guide to whistleblowing and how to craft a whistleblowing policy (as well as what to consider from a whistleblowing software).

Personio Whistleblowing is available now. To find out more visit here.

What is whistleblowing?

Whistleblowing is the act of reporting (or "blowing the whistle on") organisational misconduct or wrongdoing. A whistleblower is an individual, typically but not limited to an employee, who witnesses and discloses information about certain illicit activities. 

Some of the most common examples of whistleblowing include:

  • Unlawful business practices

  • Breaches of legal obligations 

  • Risks to health, safety and environmental laws 

  • And many more…

Important to note: Any wrongdoing disclosed in the UK must be “in the public interest.” This calls into question the number of people affected, the impact and scope of these events and the wrongdoer in question (whether a person or a company). 

What is a whistleblowing policy? 

A whistleblowing policy is a policy document outlining an organisation's process surrounding those seeking to act as whistleblowers. It should answer common questions around how to “blow the whistle”, various qualifying criteria and helpful guidance. 

In the UK, a whistleblowing policy will most often be part and parcel of grievances at work. That said, there is a prominent school of thought suggesting that whistleblowers require a unique and specific policy all to themselves. 

Additionally, calls for more more formalised whistleblowing policies are only growing in the EU and the UK (more on that below...). This only makes it all the more important that organisations have a solution in place sooner than later.  

What do you include in a whistleblowing policy?

A whistleblowing policy should include some of the following elements: 

  • A definition of whistleblowing

  • The societal and organisational importance of whistleblowing 

  • General examples of when employees should “blow the whistle” 

  • The process for how to blow the whistle easily and securely 

  • Various legal protections for organisational whistleblowers 

  • Confidentiality assurances for employees who blow the whistle 

Blowing the Whistle:

The most important part of any whistleblowing policy is outlining how employees can blow the whistle. Your organisation should offer an easy, streamlined and potentially anonymous way for people to report wrongdoings. Some options include:

  • An online portal for employees to blow the whistle

  • A phone line where employees can leave messages

  • A way to request a face-to-face meeting

  • An anonymous post box

  • A dedicated email address for whistleblowing

What are the steps in the whistleblowing process?

Organisations in the UK often lack a centralised or streamlined way to facilitate whistleblowing for their employees. In most cases, the process depends on an organisation’s overall grievance policy or procedure and nothing more. 

Employees who are looking to blow the whistle will often be guided to their line manager or a prescribed person (someone who has been identified in charge of this particular process). They may also be sent the way of their union representative. 

In these cases, an employee is coached to share what they have seen, and the prescribed person or body is then in charge of taking next steps. They may report back activities to the employee, although they may choose to disclose any names. 

Understandably, employees may also request that they remain anonymous or organisations may open up the opportunity to become a whistleblower anonymously. 

If an employee is dissatisfied with their experience as a whistleblower, they may contact  the Advisory, Conciliation and Arbitration Service (Acas), a specific whistleblowing charity (like Protect) or their trade union. 

Importance guidance for whistleblowing policy in the UK

In the UK, there exists a certain criteria for making what is known as a "qualifying disclosure" (essentially, ensuring that you are actually blowing the whistle effectively).

First, that it must be a disclosure of information. And, that this information must relate to any of the following wrongdoing:

  • A criminal offence

  • A failure to comply with legal obligations

  • A miscarriage of justice

  • Danger to health and safety

  • Damage to the environment

  • Deliberately covering up any of the above

This is also where subjectivity comes into play. Mainly because the whistleblower must reasonably believe that their disclosure shows wrongdoing. And, that this disclosure is made "in the public interest."

Centralise Employee Data In One Ultra-Secure Place

Digital Employee Files on Different Devices

Create one single source of truth for all employee data and use it to prepare for your organisation’s future. Know exactly the talent you have on hand at a glance for your workforce planning.

Can employee be sacked for whistleblowing?

No. Whistleblowers are protected by the law if they are classified as a worker. This might include a policy officer of an NHS employee, a trainee, an agency worker or a member of a limited liability partnership (LLP). 

This means that you are protected by law if you report any of the following behaviours: 

What happens when a whistleblower is wrong?

If a whistleblower is proven wrong then they are no longer protected by the law. This ensures that blowing the whistle only occurs when serious breaches of legality are directly observed by employees. 

Additionally, whistleblowing does not consist of personal grievances like bullying, harassment or discrimination. While these are certainly serious offences, they are simply not covered by whistleblowing law (unless they are in the public interest).

What about whistleblowers who are treated unfairly?

It is essential that organisations protect the equitable treatment of whistleblowers. That means that they should ensure that workers are not treated unfairly or reprimanded for doing the right thing for the good of the public. 

That said, if an employee feels as though they are being treated unfairly, they can take their case to an employment tribunal. In cases of unfair dismissal, this kind of kind must happen within three months of being dismissed. 

What is the EU Whistleblowing Directive?

The EU Directive on the protection of whistleblowers was a directive created by the EU Commission in late 2019. Since its inception, it has mandated that all EU Member States offer a channel for employees (or non-employees) to become whistleblowers. 

The goals of the EU Whistleblowing Directive are:

  • Preventing illegal conduct across EU Member States 

  • Improving the process for whistleblowing and protecting employees

  • To make it simpler to blow the whistle on organisations 

This directive affects companies with more than 50 employees, public sector institutions, authorities as well as municipalities with 10,000 more inhabitants. 

We can break that down even further by company size: 

250+ employees

Expected to comply within two years of adopting this directive. 

50 - 250 employees

Expected to comply with an additional two years when compared to 250+ organisations.

Organisations in the EU are expected to offer a vehicle for helping enable whistleblowing whistleblowers to submit behaviours they witness in an online and seamless way. Ideally, through some form of confidential, secure software.

What is the purpose of the EU directive?

The purpose of the EU Commission's directive on whistleblowing is to create one singular approach to whistleblowing across Europe. This type of unified approach is designed to help protect workers across the continent with regards to any organisational wrongdoing.

Which EU states have adopted whistleblowing laws?

As of writing, 24 out of 27 member states have adopted the law on whistleblowing in some way, shape or form. In three states (Poland, Estonia and Slovakia), the process is currently delayed. You can track progress by clicking here.

What is the whistleblowing law in the UK?

In the aftermath of Brexit, the UK is under no obligation to adopt the EU directive on whistleblowing. The Commission found that the UK already had in place laws that offer sufficient support to whistleblowers (as part of the “Employment Rights Act 1996”). 

There are some key differences, though, which include: 


The UK Government mainly focuses on the classification of ‘workers’ (as previously mentioned). The EU directive is more wide ranging. 


The EU Commission identified specific sectors where whistleblowing is more relevant. The UK Government does not make this distinction. 


Whistleblowers in the UK are protected on “subjective belief” with added emphasis on the element of “in the public interest.” 


Companies in the UK, no matter the size, are not required to offer a formal or informal channel for whistleblowing. 

That said, this EU directive is sure to influence those in parliament. The UK has already begun to develop a more substantial whistleblowing commission, which may propose similar suggestions as those of the EU Commission (or lean on them heavily). 

Will whistleblowing laws change in the UK?

It's too soon to tell. The UK Government launched a review of our own whistleblowing laws in late March 2023. The evidence gathering stage will end in the fall, at which point the review will begin to draw conclusions and map out next steps.

The review itself is designed to review the following:

  • Those covered by current whistleblowing protections

  • The available of information and guidance on whistleblowing (provided by the government and employers alike)

  • How employers and prescribed persons currently respond to whistleblowing disclosures

The final output will likely result in some form of changes or recommendations to help guide employers and employees alike on how to manage whistleblowing policies (and potential changes to those policies themselves).

Do employers have to have a whistleblowing policy?

Regardless of whether your organisation is in the UK or the EU, having some form of whistleblowing policy is a must. It gives your employees the opportunity to call out wrongdoing, and to play a vital role for the public good. 

That means not only having a policy in place. It also requires having a process or a channel that is easy enough for employees to use. A place for them to submit their concerns, confidentially and securely, which can then be routed to the proper person. 

Personio Whistleblowing is available now. To find out more visit here: Personio Whistleblowing: An anonymous reporting channel.


Centralise All Your Employee Data

Digital employee file