Back to News
30-06-2023

The penalties for not having a complaints channel can reach up to one thousand euros.

Within three to six months, many companies, in the best case scenario, will have to have a whistleblower protection system in place to protect whistleblowers under penalty of being fined up to one million euros.

The essential key of the law is to ensure that any employee has a tool that facilitates the disclosure of infractions or irregularities that may be occurring in the company or in the public sector.

As established in the transposed Directive, this rule will apply to whistleblowers who work in the private or public sector and who have obtained information on infringements in an employment context, including, at a minimum:

  • People who have the status of workers, including civil servants.
  • Persons who have the status of non-salaried employees.
  • els accionistes i persones pertanyents a l’òrgan d’administració, direcció o supervisió d’una empresa, inclosos els membres no executius, així com els voluntaris i els treballadors en pràctiques que perceben o no una remuneració;
  • any person working under the supervision and direction of contractors, subcontractors and suppliers;
  • former employees who disclose or report breaches committed during the term of their contract and whistleblowers whose employment relationship has not yet begun, in cases where the information on breaches has been obtained during the selection process or pre-contractual negotiation.

What is the complaints channel?

It is the channel through which complaints of non-compliance with regulations must be channelled. It is a tool for the early and confidential detection of malpractice and crime prevention.

Is it compulsory to have a complaints channel?

Yes, it is, for commercial companies with 50 or more employees and public sector companies.

Likewise, regardless of the number of employees, all political parties, trade unions, business organisations, as well as the foundations that depend on them (as long as they receive public funds for their financing) and all local administrations, regardless of the number of inhabitants, are obliged to have an internal information system.

What are the characteristics of the complaints channel?

The information channels must be confidential and protected, which is a challenge that also involves data protection officers. Systems must be simple and secure and, in addition to complying with legal requirements, must be adapted to the reality of each company. As a minimum, they should:

  • To have a system for alerting and detecting irregularities.
  • Generate evidence to exempt or mitigate the criminal liability of the legal entity.
  • Guarantee the confidentiality of the whistleblower.
  • Allow verbal and written reports.
  • Integrate the different whistleblowing channels implemented.
  • Independence in the investigation of complaints.
  • Policy containing the general principles regarding information systems and whistleblower protection, with due publicity in the company.
  • Procedure for managing the information received.
  • Appoint a person responsible for the system.
  • Guarantees for the protection of the informant.

What sancions does the incompleteness of the law entail?

The law provides for penalties of up to one million euros for companies. Fines may range from:

  • EUR 30,001 up to EUR 300,000 in the case of natural persons and.
  • 600,001 to 1,000,000 euros for companies.

Penalties will also be imposed on individuals who file false reports or on companies or channels that disclose secret documentation.

  • Very serious infringements are: any action that entails an effective limitation of rights and guarantees introduced through individual or collective contracts or agreements and, in general, any attempt or effective action to hinder the submission of communications or to prevent, frustrate or slow down their follow-up;
    • the adoption of reprisals;
    • breach of the guarantees of confidentiality and anonymity;
    • breaching the duty to maintain secrecy of information; committing a serious infringement when the perpetrator has been sanctioned by a final decision for two serious or very serious infringements in the two years prior to the commission of the infringement;
    • communicating or publicly disclosing information knowing it to be false; and failure to comply with the obligation to have an internal information system.
  • The following are serious infringements: conduct limiting the rights and guarantees mentioned above or attempts to hinder the submission of information or to slow down its follow-up, when they do not have the status of very serious infringements;
    • breach of the guarantees of confidentiality and anonymity, or of the duty of secrecy, where this is not considered a very serious infringement;
    • failure to adopt measures to guarantee the confidentiality and secrecy of information;
    • and the commission of a minor infringement when the perpetrator has been sanctioned for two minor, serious or very serious infringements in the two years prior to the commission of the infringement, counted from the finality of the sanctions.
  • The following are classified as minor infringements: deliberately submitting incomplete information to the Authority by the person responsible for the system, or after the deadline granted for doing so;
    • failure to comply with the obligation to cooperate with the investigation of information;
    • and any breach of the obligations provided for in the regulation that is not classified as a very serious or serious infringement.

If you have any questions regarding this issue, please do not hesitate to contact us, by telephone to Isabel Torre Carazo or by e-mail to itc@btsasociados.com, we will be delighted to help you.