Confindustria, the leading association representing manufacturing and service enterprises in Italy, recently published its new Operational Guide for Private Entities on the whistleblowing discipline, to support companies (which have employed an average of at least 50 and up to 249 employees in the past year) in facing the upcoming December 17 deadline.
Confindustria is not simply providing a summary of recent regulatory changes and explaining to companies how to move to become “compliant,” but instead specifies how, it is not enough to create a proper operating procedure and adopt dedicated software for the whistleblowing system but instead it is necessary for companies to pay special attention to:
📜 Update privacy documents and procedures, including consents and appointments of data processors, data controllers, and related contracts.
📑 Update MOG231 protocols to comply with new regulations.
📄 Ensure that the procedure and appointments are properly approved, shared, and published in a transparent manner.
🔒 Assess the impacts of changes in light of the General Data Protection Regulation (GDPR) and IT security requirements.
🔍 Activate the Data Protection Officer (DPO) and appoint employee representatives, if required.
🤝 Confer appropriate proxies and powers of attorney on reporting managers.
📚 Provide training to both managers and workers.
It is crucial that all of these actions are carried out with the utmost consistency with the business organisation, as whistleblowing compliance is a key element in ensuring transparency and legality within companies.
To see the full guidelines, we invite you to consult this PDF.
On the subject, we also point out this interesting article that appeared in Il Sole 24 Ore by Ugo Ettore Di Stefano and Giulietta Bergamaschi.
This article was first published by our Italian member firm Lexellent. For any questions on the whistleblowing directive and how Lexellent can support your organisation to become compliant, reach out to either Giulietta or Ugo.