The draft legislative decree to transpose the EU directive on whistleblowing has been approved. As the fight against corruption and the protection of whistleblowers progresses this year, those who decide to report wrongdoing, whether in the public or private sector, will be able to do so relying on greater protection. In early December, the government approved the draft legislative decree transposing Directive [(EU) 2019/1937] on whistleblowing. All that remains to be done is publication in the Italian Official Gazette, after which companies with more than 250 employees will have four months to comply with the new rules, while those with between 50 and 250 employees will have until 17 December 2023. This transposition is late, as the deadline was set for 17 December 2021, but Italy is not the only country to be late with compliance. The EU directive introduces important measures regarding preventing and combating corruption and prepares minimum standards for whistleblower protection; it applies to both the public and private sectors and provides legal protection to a large number of potential whistleblowers. It also establishes appropriate measures to ensure the protection of whistleblowers from retaliation and requires the creation of mechanisms to facilitate whistleblowing. ‘Since 2017, in Italy, the rules on whistleblowing in the private sector have been regulated exclusively by Italian Law No 179 of 2017, which introduced the possibility of establishing specific protection systems for those who report wrongdoing, better known by the English term “whistleblowers”’, explains Vittorio De Luca, managing partner of De Luca&Partners, ‘Compared to the national regulatory framework outlined by the 2017 law, the new legislation extends the obligation to establish a whistleblowing channel to all private sector companies with more than 50 employees. It can be established after hearing from the trade union representatives or organisations.’ The decree (and before it the EU directive) is expressly aimed at protecting those who report breaches of EU law in areas such as public procurement, services, financial products and markets, money laundering, environmental protection, public health and consumer protection. It requires that appropriate arrangements be identified so that the protection and confidentiality of whistleblowers is guaranteed, as well as, for workers, protection from any form of retaliation. ‘Under thedecree, retaliation constitutes, by way of example, a change in duties, dismissal, change of workplace, reduction in salary, change in working hours the non-renewal and early termination of a fixed-term employment contract,’ De Luca concludes. ‘Companies will therefore have to set up internal and external reporting channels by implementing management procedures that ensure the confidentiality of both the whistleblowers and the personal data, including storage, which will have to be carried out in accordance with the legislation on the protection of personal data now represented by Regulation (EU) 2016/679, better known as the GDPR’
