
Step 5 : Compliance

Ensuring SpeakUp Meets Compliance Requirements

If you’re a compliance professional, you understand how crucial SpeakUp is as part of your compliance framework. This article will guide you on what you need to know and do to ensure your SpeakUp Line meets the essential regulations. 

Compliance Areas to Focus On

  • Privacy Law
  • Labour Law
  • Whistleblowing Protection Law
  • ISMS

We focus on common compliance and approval entities in this article. Please note that specific approvals may be required based on your company or sector, which we may not cover here.

Privacy Law

SpeakUp may involve the sharing of personal data, so data processing activities are inevitable. Privacy concerns have evolved, and the emphasis is now on having a low-barrier whistleblowing tool while complying with the GDPR and other relevant privacy laws.
Essential Steps:

  • Ensure governance structures and procedures are documented.
  • Use a privacy-compliant tool like SpeakUp.

Labour Law

In certain European countries, works councils have rights that must be respected, such as receiving information, consultation, and approval. Non-compliance can lead to serious consequences, as evidenced by Walmart's case in Germany.

Essential Steps:

  • Establish solid SpeakUp governance structures and procedures.
  • Conduct works council risk mapping.
  • Obtain necessary approvals.
  • Inform and engage with works councils early.
  • Consider keeping a local branch closed if facing delays to avoid a global launch delay.

Nice to Have:

  • Create continuous activation and sponsorship programs.

Whistleblowing Protection Law

Whistleblowing protection laws, such as the EU Whistleblowing Directive, support the implementation of SpeakUp by protecting whistleblowers. This can help obtain approvals from various departments.

Essential Steps:

  • Establish solid processes and governance.
  • Write a clear explanatory document for potential reporters.
  • Go the extra mile to support and protect reporting persons.
  • Invest in facilitating early conversations about a SpeakUp culture.


PISMS (Privacy Information Security Management System)

In SpeakUp®, potentially the most business-critical information in your organisation is discussed. Internal approvals from the Information Security and Privacy offices are often required. We therefore recognise that providing meaningful assurances on the protection of both reporter and organisation data is our permission to play. The PISMS is aligned with the following standards and regulations:

  • ISO/IEC 27001:2013 (control framework, Annex A)
  • ISO/IEC 27002:2013 (best practices for ISO 27001)
  • ISO/IEC 27701:2019
  • NOREA Guide Privacy Control Framework: August 2019
  • General Data Protection Regulation 2016/679 (GDPR)
  • Quarterly audited PISMS – ISAE 3000 Type II