Caminho sinuoso na montanha, mostrando as dificuldades de implementação da diretiva europeia relativa à denúncia de irregularidades, no artigo "Guia passo-a-passo: Implementação de um Programa de Conformidade para a Diretiva Europeia de Proteção de Denunciantes"

Step-by-Step Guide: Implementing a Compliance Program for the European Whistleblower Protection Directive

Curvy mountain road, showing the dificulties to implement the whistleblowing EU directive, in article "Step-by-Step Guide: Implementing a Compliance Program for the European Whistleblower Protection Directive" article “Step-by-Step Guide: Implementing a Compliance Program for the European Whistleblower Protection Directive”

Step-by-Step Guide: Implementing a Compliance Program for the European Whistleblower Protection Directive


The European Whistleblower Protection Directive, also known as Directive (EU) 2019/1937, was adopted in 2019 with the aim of establishing minimum standards for the protection of whistleblowers who reveal violations of European Union law. The directive requires companies of a certain size to establish secure and confidential reporting channels to protect individuals who report illegal or harmful activities. This practical guide aims to help companies implement an effective compliance program in line with the directive.

Risk Analysis

Identifying Risks

The first step in implementing a compliance program is to carry out a comprehensive risk analysis. This process involves identifying all areas of the company where legal or ethical violations may occur that need to be reported. To do this, consider the following points:

Review of Business Operations

Examine all areas of the company’s operations, including finance, human resources, purchasing, sales and IT.

Employee Interviews

Conduct interviews with employees at different hierarchical levels to gain a thorough understanding of the potential risks.

Review of past incidents

Analyze previous reporting incidents to identify recurring patterns or areas of concern.

Probability and Impact Assessment

Once the risks have been identified, it is crucial to assess the likelihood of occurrence and the potential impact of each risk. Use a risk matrix to categorize risks according to their likelihood and impact. This assessment will help prioritize the risks that need to be addressed immediately.

Developing Mitigation Strategies

Based on the risk assessment, develop mitigation strategies to minimize the likelihood and impact of the risks identified. These strategies can include implementing internal controls, training employees and creating specific policies for high-risk areas.

Creating Policies and Procedures

Defining Reporting Policies

Whistleblowing policies should be clear and accessible to all employees. They should outline the types of conduct that should be reported, the reporting process and the protections offered to whistleblowers. Policies should include:

Scope of the Policy

Clear definition of what constitutes a valid report.

Reporting Process

Steps a whistleblower must follow to report a violation.


Guarantees that the whistleblower’s identity will be protected.

Prohibitions Against retaliation

Explicit statement that retaliation against whistleblowers will not be tolerated and that there will be consequences for those who retaliate.

Development of Investigation Procedures

Investigation procedures must be rigorous and ensure that all reports are treated fairly and impartially. Procedures should include:

Receiving and Recording Reports

Process for receiving and recording all reports.

Initial Assessment

Preliminary assessment to determine the credibility and seriousness of the report.

Formal Investigation

Detailed procedures for conducting a thorough and impartial investigation.

Results Report

Process for documenting the results of the investigation and the actions taken.

Feedback to the Whistleblower

Communication of the results of the investigation to the whistleblower, where appropriate.

Employee Training

Training is essential to ensure that all employees understand the whistleblowing policies and procedures. Develop regular training programs that cover:

Importance of Compliance

Explanation of the importance of compliance with the directive and the protection of whistleblowers.

Policies and Procedures

Detailed training on whistleblowing policies and procedures.

Whistleblower Protection

Information on the protections offered to whistleblowers and prohibitions against retaliation.

Choosing Reliable Reporting Software

Software Selection Criteria

Choosing reliable reporting software is a crucial step in implementing an effective compliance program. Consider the following criteria when selecting software:


The software must offer high security to truly protect the confidentiality of reports and the identity of whistleblowers.

Ease of Use

It must be intuitive and easy to use for all employees, regardless of their level of technological skill.


The software must be accessible on multiple platforms (computers, smartphones, tablets) to ensure that employees can easily make reports.


It should include functionalities such as registering reports, managing reported cases, secure communication with whistleblowers and generating reports.

Legal compliance

The software must comply with all applicable legal and regulatory requirements.

Implementing the software

Once you have selected the software, follow these steps to implement it:

Initial Configuration

Configure the software according to the company’s needs and policies.

User Training

Train all employees on how to use the report management software.

Launch and Communication

Make a milestone of the launch event (start of use) of the software and communicate its availability to all employees, highlighting the importance of using the system to report whistleblowing violations.

Monitoring and Review

Monitor the use of the software and regularly review its effectiveness, making adjustments as necessary.

Effective Communication with Employees

Creating a Communication Plan

An effective communication plan is essential to ensure that all employees are aware of the reporting policies and know how to use them. The plan should include:

Communication Objectives

Clear definition of the communication objectives, such as raising awareness of the whistleblowing policies and encouraging their use.

Target Audience

Identifying the different audiences within the company and adapting the messages to meet their specific needs.

Key Messages

Development of key messages highlighting the importance of compliance, the protections offered to whistleblowers and the reporting process.

Communication Channels

Selection of the most effective communication channels, such as emails, newsletters, face-to-face meetings and internal communication platforms.

Communication Calendar

Establishing a calendar for regular communication about whistleblowing policies and whistleblower protection.

Employee Involvement

To ensure that employees are involved with the compliance program, consider the following strategies:

Information Meetings

Organize regular meetings to discuss the reporting policies and answer any questions employees may have.

Educational Materials

Develop and distribute educational materials, such as brochures, posters and videos, that explain the reporting process and the protections offered to whistleblowers.

Continuous Feedback

Create mechanisms for employees to provide feedback on the compliance program and reporting policies.

Culture of Compliance

Fostering a culture of compliance is essential to the success of a whistleblower protection program. To achieve this, the company’s leadership must:

Demonstrate Commitment

Leadership must demonstrate a clear and visible commitment to compliance and whistleblower protection.

Set Expectations

Establish clear expectations for ethical behavior and compliance with reporting policies.

Reinforce Positive Messages

Reinforce positive messages about the importance of compliance and whistleblower protection in all internal communications.

Monitor and Review the Program

Regular Evaluation

The effectiveness of the compliance program should be evaluated regularly to ensure that it is meeting its objectives and corresponding to the requirements of the directive. To do this, establish a regular evaluation process that includes:

Data Analysis

Review of data on reports received, including the number of reports, types of violations reported and results of investigations.

Internal Audits

Conducting internal audits to assess compliance with reporting policies and procedures.

Satisfaction Surveys

Conducting satisfaction surveys among employees to assess the perception of the compliance program and identify areas for improvement.

Continuous Improvement

Based on the results of the assessment, implement continuous improvements to the compliance program. This could include

Updating Policies

Review and update reporting policies to reflect changes in laws, regulations, or business practices.

Improving Training

Developing new trainings or updating existing trainings to address areas of concern identified in the assessment.

Software Improvements

Implementing updates or changes to the reporting software to improve the usability and effectiveness of the system.


Implementing a compliance program with the EU Whistleblower Protection Directive is a complex but essential task to promote transparency and integrity within organizations.

By following the steps outlined in this guide, companies can develop an effective compliance program that protects whistleblowers, mitigates risks and promotes a culture of compliance.

By adopting robust risk analysis practices, creating clear policies and procedures, choosing reliable whistleblowing software, communicating effectively with employees, companies will be better prepared to comply with the directive and protect whistleblowers’ rights.

Continuously monitoring and reviewing the program will ensure that it remains effective and relevant, promoting trust and integrity within the organization.


For more information on how to implement an effective compliance program, visit our website and explore the resources available. If you have any questions or need personalized assistance, please contact us. We are here to help your company promote a safe, transparent and compliant working environment.

Create a robust and effective compliance program. Find out how our whistleblowing software can support your implementation and, if you are already a client, request tailor-made developments whenever necessary. Get in touch now!

Check out other articles that may be of interest to you.

We hope you enjoyed this article.

Thank you!

Published: 2024.07.10

Leave a Comment

Your email address will not be published. Required fields are marked *

Add Comment *

Name *

Email *