
Germany: Operation of a reporting office / whistleblower system in accordance with the Whistleblower Protection Act (HinSchG): The most important documents

13 November 2023


Imagine working in a company where you witness wrongdoing. Perhaps laws are violated, or there are complications of an ethical nature. You want to do something, but you're afraid of being disadvantaged or even losing your job. This can be a stressful feeling and at the same time harm the company. The legislator has a solution for this: the whistleblower system.

The whistleblowing system is an important part of comprehensive compliance management, which not only protects the integrity of the company, but also improves the working atmosphere for everyone. It allows employees and other parties involved to confidentially report violations of laws, regulations, or ethical principles without fear of reprisals. This enables companies to identify and eliminate risks at an early stage.

Introducing a whistleblowing system is not without its pitfalls, however. It requires careful planning and implementation, and a number of documents are essential to regulate how the system functions, as well as the rights and obligations of whistleblowers and companies.

In this blog post, we would therefore like to introduce you to the most important documents for a successful establishment of a whistleblower system.

1. Comprehensive Rules of Procedure

The Rules of Procedure are the central document of a whistleblowing system. They regulate the entire structure of the system, including the following points:

  • What types of reports are accepted?
  • To whom can reports be sent?
  • How are reports processed?
  • How is the protection of the whistleblower ensured?


2. Transparent data protection information

The data protection information is addressed to data subjects and whistleblowers and sets out in detail the data processing operations within the framework of the whistleblower system. It must include the following points, among others:

  • What personal data is processed?
  • For what purpose is the data processed?
  • To whom will the data be disclosed?
  • How long will the data be stored?


The data protection information should be written in easy-to-understand language. It should also explain the rights of whistleblowers to information, correction, erasure and restriction of processing.

3. Well thought-out authorization concept

The authorization concept regulates who has access to the data of whistleblowers and other persons who may be included in a report. It should include the following:

  • What are the roles in the whistleblowing system?
  • What are the permissions of each role?
  • How are access permissions assigned and managed?


The authorization concept should be designed in such a way that the data protection of the whistleblowers is guaranteed.

4. Information letter to employees

Don't forget the cover letter to employees. This serves to inform employees about the whistleblowing system. It should include the following points:

  • Where do employees get information about the whistleblowing system?
  • How can employees make a report?
  • Which contact persons are available to answer questions?


The text should be written in easy-to-understand language and encourage employees to use the whistleblowing system.

5. Notices on the website

The notices on the website cover the following points, among others:

  • Where can whistleblowers find information about the whistleblowing system?
  • How can visitors to the website submit a report?


The information on the website is intended to encourage whistleblowers to use the whistleblowing system.



For further information, please contact:

Diane Frank, Partner



t: +49 (0)1578 90 333 60



