Whistleblowing systems – what applies?

Protection for whistleblowers is nothing new. There are already regulations in place that protect employees who report serious misconduct. Under current legislation, employees who report serious wrongdoing are protected from retaliation by their employer.

The new Whistleblower Act means that all private organizations with at least 50 employees must implement an internal whistleblowing system. Certain public entities, all municipalities, as well as organizations in the financial sector and several government agencies, are also required to comply with the new regulations.

The dedicated channels for reporting misconduct are intended to provide stronger protection for whistleblowers than before. A whistleblower’s identity must be covered by the highest level of confidentiality, meaning that their information may not be disclosed under any circumstances.

The whistleblowing system as a safer solution

The opportunity for safer whistleblowing paves the way for more secure anti-corruption efforts. It also requires that individuals or companies managing whistleblowing functions must be independent and impartial in relation to the organization. This places specific demands on how organizations set up their whistleblowing systems.

When does the law take effect?

The law is proposed to take effect on December 17, 2021. Medium-sized companies are proposed to have until December 17, 2023, to implement internal reporting channels. Other organizations are proposed to have until July 17, 2022, to comply with the law. Read more at regeringen.se.

Use VisionFlow as a whistleblowing system!

By using VisionFlow, you get a flexible and secure whistleblowing system. VisionFlow is a platform developed and delivered by Visionera, a Swedish company established in 2001.

Want to know more about how to use VisionFlow as a whistleblowing system? Don’t hesitate to contact us, we’ll help you get started!

What Does Schrems II Mean?

Why VisionFlow is a safe and smart choice for your case management

On July 16, 2020, the European Court of Justice announced the Schrems II ruling, which has had extensive consequences for the use of American cloud services. Under GDPR, the transfer of personal data to a third country – that is, a country outside the EU/EEA – may only take place if the recipient country can guarantee an adequate level of protection for the data. In practice, this has proven to be highly complex, making it difficult to ensure the required level of protection. After Schrems II, there is in many cases no longer a clear legal path for processing personal data in the U.S.

By choosing VisionFlow for your case management and CRM, you can rest assured. As a local Nordic provider, we comply with GDPR and ensure that data is stored within the EU. All information is handled securely, and VisionFlow offers the necessary features to help you and your organization meet GDPR requirements. With VisionFlow, you can always trust that all customer information is kept safe within Sweden’s borders.

What is Schrems?

C-362/14 and C-311/18 are what we today call Schrems I and II. Both are rulings from the European Court of Justice, named after Austrian lawyer and privacy activist Maximilian Schrems.

Schrems challenged Facebook in Ireland, arguing that the company reserved the right to transfer his personal data to the U.S., despite the country’s mass surveillance systems conflicting with EU data protection laws. The case reached the European Court of Justice, which ruled in Schrems’ favor. The Court invalidated the agreement known as Safe Harbour, which companies had used for transatlantic data transfers. This ruling, later called Schrems I, affected not only Facebook but many other companies.

Safe Harbour was replaced in 2016 with the Privacy Shield framework, which allowed digital traffic between the EU and U.S. to continue relatively unhindered. U.S. companies could register with the U.S. Department of Commerce to certify compliance.

On July 16, 2020, the European Court of Justice declared that the Privacy Shield agreement did not provide sufficient protection for personal data transferred to the U.S. Schrems once again won, and the ruling became known as Schrems II.

What does this mean for Swedish companies and organizations?

Schrems II applies to all companies that process personal data within the EU but transfer it to a third country. It is very common to find Swedish companies using American cloud services.

The Schrems II ruling states that supervisory authorities in EU member states must actively intervene against controllers who transfer personal data to third countries without legal grounds. Sweden’s privacy regulator (IMY) has already begun investigations against Swedish companies. The review is part of an EU-wide effort led by the European Data Protection Board (EDPB) task force set up to handle the complaints filed since the Schrems II ruling.

What happens if you don’t comply with Schrems II?

The exact consequences are still not entirely clear, since no cases have yet been decided under Schrems II. But based on previous violations of the EU’s General Data Protection Regulation, companies risk fines, sanctions, and compensation claims.

Given the potentially devastating consequences for companies that are found non-compliant, it is highly relevant to review your suppliers that involve data transfers to the U.S. The key question: is it truly necessary to use this solution, or would it be safer and smarter to choose a provider that keeps data within the EU and thereby eliminates the risk of a potential ruling?

Do you have questions about GDPR, Schrems II, or VisionFlow’s data management? Don’t hesitate to contact us!