Corporate compliance

The number of companies ordering the implementation of a whistleblowing system is constantly growing. It is mandatory for some of these companies to have such a system in place, while for others, its existence represents a commitment to ethical, transparent, and predictable operations.
In practice, the whistleblowing system is a dedicated electronic platform where abuses of the law and the code of ethics within a company can be reported, whether with or without a name, but in any case, with anonymity.
Anyone with a legitimate interest in making a report or resolving the conduct that is the subject of the report may file a report. The platform is open to employees of the company and third parties with a contractual relationship with the company.
To report an alleged misuse, the whistle-blower must declare that the report is made in good faith about circumstances of which they have actual knowledge or reasonable grounds to believe that they are real.
Reporting in bad faith may result in civil and criminal penalties. In the case of a report made in good faith but proved unfounded during the procedure, the investigation will be closed without informing the parties concerned.
The system will provide information to whistle-blowers on their rights regarding the protection of personal data, the procedural rules in the investigation of whistleblowing and the confidentiality of their identity. The investigation process is conducted in confidence and no third party other than the investigators is involved until formal disciplinary action is taken.
The whistleblowing facility has a preventive effect, as most intended abuses do not even reach the experimental stage since if the abuse is likely to be discovered, it will not achieve its purpose.
In addition, it may be highly desirable for senior managers to access a lot of information through the system, which would not reach them in a structured corporate system or would reach them much later.
Overall, whistleblowing systems have a strong risk-reducing effect.

Corporate internal audits should be regular, independent, objective, complete and rapid, as much as possible. Our firm does not normally support internal controlling processes that are part of a company's normal activities, but assists in the internal handling of anomalies that are suspected or have occurred where the company needs external expert legal support. In these cases, in addition to representing the owner's interests, we must establish whether an event, action or negligence has occurred that requires legal action. Therefore, we help to prepare the ground for a decision and, if necessary, propose possible solutions after analysing the risks.
Typical situations include employee misuse for financial gain, corruption, or data fraud, usually committed for financial gain. The latter is common in situations where employees want their work to look more than it actually is or to save time by checking the correctness of the data content generated. In many cases, we have to give an opinion on the technical means that can be used to carry out a particular check or inspection, taking into account privacy and data protection issues.
Given that one of the results of an internal investigation is often the termination of the employee's contract, we must seek to ensure that our client's litigation position in a potential lawsuit is secure so that the legality of the procedure and the ability to draw fair and reasonable conclusions from the results of the investigation are our primary concerns.

The employer operating the reporting system for abuses is obligated to investigate the report and inform the whistleblower of the results of the investigation and the measures taken within a deadline. A reliable whistleblower protection lawyer can also be contracted under a contract for receiving or investigating reports.
If we receive such a request, we take immediate action after receiving the complaint: we not only provide feedback to the whistleblower but also provide information to the persons affected by the report about the report concerning them, their rights, and the rules regarding the handling of their data.
We have designed our reporting system so that the identity of non-anonymous whistleblowers is not known to anyone other than the investigators. Until the end of the investigation or the initiation of formal disciplinary action as a result of the investigation, we keep the content of the report and the information about the persons affected by the report confidential.
It is especially appropriate to entrust a lawyer with this task. The whistleblower protection lawyer forwards the report to the client, but is bound to maintain confidentiality with regard to data that would enable the identification of the whistleblower. Therefore, only an excerpt of the report that does not contain data enabling the identification of the whistleblower is sent to the client, unless the whistleblower has given prior written permission to release the information.
We can not only assist in protecting the whistleblower but also in organizing and conducting the investigation process. The investigation process has numerous legal aspects, and legal support is essential for its continuation. In some cases, it can be embarrassing or generate conflicts of interest for the designated investigators to conduct the investigation themselves or to have access to the data. In addition, a several-day or several-week investigation without involving a lawyer incurs extraordinary costs, as the designated employees can only perform their basic duties to a limited extent during that time.

One of the central and vital elements of data protection compliance is providing a privacy notice to data subjects. This is essentially the responsibility of the company's management. Moreover, it is a cross-jurisdictional responsibility because anyone who fails to comply with the obligation to inform data subjects in breach of the legal provisions on the protection or processing of personal data and thereby causes significant damage to the interests of others, commits a criminal act.
However, by issuing a privacy notice, clients are far from being in compliance with the requirements of data protection legislation. It is 'only' the surface and, ideally, one of the last things to be done. The real challenges of data protection compliance lie deep: aligning processes, corporate data processing customs and practices with legal requirements.
This involves using a pre-defined methodology to review our clients' operations and day-to-day data protection practices, identifying and prioritising risks, and then working with the client to develop the most appropriate legal solution.

A transparent company with a high reputation need has high ethical standards at all stages of its business processes. This requires the company to have a code of conduct and/or ethics to ensure consistent enforcement of internal rules, as constant and high-quality performance is not possible without ethical behaviour.
This contributes to the company's reputation and customer satisfaction, both in the B2B and B2C sectors. Setting ethical standards helps to clarify the relationship between employees, the attitude towards suppliers and the functioning of corporate responsibility, even in the case of minor problems.
The code of ethics also establishes respect for, compliance with and enforcement of the law, the requirement of honesty, accountability, fair employment practices, anti-corruption and corporate loyalty. If we are asked to prepare a code of ethics, we will usually also propose, after examining the company's culture, a code of conduct to avoid conflicts of interest and, once they arise, the processes for seeking to resolve them. As soon as a code of ethics that has been completed and adopted is introduced, we hold workshops to familiarise employees with the code's content and communicate the essence of the overall requirements.
For internal procedures (e.g. whistleblowing, internal investigation, disciplinary proceedings, preparation of termination of employment, etc.), the code of ethics can act as a kind of constitution, a fundamental rule and can help investigators to make a judgement on the case. It is widely accepted judicial practice that the declared and applied provisions of a code of ethics can be used to support the arguments of the party referring to it in an employment dispute.

Company rules and policies fall into two categories. The first category includes those that are mandatory or whose absence is a clear disadvantage for companies. These areas are basically accounting, health and safety, data protection or even inventory.
In addition, a company may establish rules on practically any subject to assist its operations, clarify its objectives, enhance its reputation or support the achievement of its goals. This could be the use of company-provided equipment, information security, physical document management, equal opportunities, the use of company cars or even the creation of policies regarding social media.
The coherence of well-defined company policies contributes to more predictable operations, automation of processes, faster onboarding of new employees, clarification of deadlines and responsibilities, and thus allows for a high level of accountability.
Because of the purpose which companies assign to company rules, the need to establish procedural rules and the necessity to cross-reference them – the assistance of a competent lawyer is indispensable for final formulation of company rules.

Undoubtedly, one of the challenges of the present and the near future that will affect all companies, regardless of size, is the digitalisation of internal and external processes and the achievement of paper-free processes. Now, this is still burdensome to achieve fully, but we are not far from the point where stapled file folders and filing cabinets will be banished from the office environment for good. We often find that companies go overboard in this process and want to add electronic or even qualified electronic signatures to documents where this is unnecessary (generates unnecessary costs), whereas it would be sufficient to simply scan and e-mail a signed contract of engagement or employment contract to clients or employees. Lawsuits where a party disputes the existence of a document, or its content (text) are rare.
The development of paper-free HR is now a technological matter. Many of the legal obstacles have been removed, opening the way for a process that requires virtually no personal contact or extra workforce from the moment a legal relationship is established until it is closed.
We can help you choose the right service providers and applications, ensuring that the parties always have access to the relevant documents through appropriate authorisations and that the employment documents can be updated and "moved" in a data-protected, secure system.