Global menu

Our global pages


Whistleblowers (Safe Haven) Act Obligation for employers with 50 or more employees to have whistleblowers’ regulations

  • Netherlands


    On 1 March 2016 the Senate adopted the Whistleblowers (Safe Haven) Act (‘Act’). This act is expected to take effect on 1 July 2016. Contrary to what one may expect from the title of this act, the new act does not just provide in incorporating the ‘House for Whistleblowers’ (‘the House’). The Act stipulates that employers with 50 or more employees have to develop and introduce regulations for whistleblowers. The new Act is not only important for companies that do not yet have regulations for whistleblowers but also for companies that do have such regulations in place (for example based on the Dutch Corporate Governance Code). We advise to review existing regulations (or have these reviewed) to assess whether these comply with the requirements of the new Act.

    Internal whistleblowers’ regulations

    The Act gives companies a great deal of freedom on the contents of whistleblowers’ regulations, but stipulates minimal requirements that the regulations have to comply with. For example, the following issues have to be addressed: internal reporting procedures and the designated contact persons, a definition of the suspected wrongdoing and a stipulation on the confidentiality of the identity of the reporting person.

    In order to provide organizations with the opportunity to deal with wrongdoings themselves, the government took an internal reporting procedure as the basic starting point. External reports are possible if a report is not properly handled by an organization or if an employee in all reasonableness cannot be expected to report internally.

    The Advice Centre for Whistleblowers published model regulations (“Modelregeling omgaan met het melden vermoeden misstand of onregelmatigheid”) that comply with the statutory components. However, apart from the requirements under the new Act, these model regulations also have components that in our opinion do not have to included in whistleblowers’ regulations, or in an adapted format.

    The Act does not provide sanctions if the employer fails to comply with the stipulation to develop and introduce whistleblowers’ regulations. However, if the House investigates and finds that there are no or insufficient regulations, this can mean damage to the reputation of an organization (because the investigation report of the House is published). Also, in that case there can be more justification for an employee reporting externally immediately, so outside of the employer.

    Works Council

    In the new Act the Works Council has an explicit right of consent concerning intended decisions to establish, alter or withdraw whistleblowers’ regulations.

    House for Whistleblowers

    The Act provides for the incorporation of a new body, the House for Whistleblowers (‘the House’)  that has two main duties: advice and investigation. This part of the new Act can have a major impact on the reputation of companies, as an investigation by the House will be made public.

    Prohibition of termination and prohibition of disadvantaging

    The new Act also introduces a new prohibition of termination. The employment contract of an employee who reported the suspicion of an abuse properly and in good faith cannot be terminated during and after the handling of such a report. Also, the employee cannot be disadvantaged during or after the handling of the report. Such disadvantaging includes: taking disciplinary measures, rejecting a request for leave, denying a salary increase and/or transfers.

    These prohibitions are not restricted to a certain period of time, but, according to the government the terms ‘during and after’ have to be considered in a broad sense.

    Personal Data Protection Act

    Whistleblowers’ regulations process personal data, such as the contact details of the whistleblower and the employee who the report concerns. This means that the Dutch Personal Data Protection Act applies and the regulations shall have to comply with the stipulations in that act, including, but not limited to, a legal basis for processing personal data, compliance with the statutory retention period and the rules on passing on personal data. Also, data processing shall have to be reported to the Dutch Data Protection Authority.

    Anonymous reports deserve a special mention. Under whistleblowers’ regulations anonymous reports should not be the standard and an employer should not encourage anonymous reports. This means that the regulations should include that a whistleblower has to reveal himself when making the report and that anonymous reports are only possible in exceptional circumstances.

    Also, even before whistleblowers’ regulations are implemented, an employer shall have to inform his employees on how personal data is processed. The employer has to notify the employees, among others, about the (categories of) personal data, the purposes for the processing of personal data, which persons have access to the personal data and how the identity of the whistleblower is protected.

    If you have any questions about the above, if you want further advice or assistance in assessing your current whistleblowers’ regulations or in developing new whistleblowers’ regulations, please let us know.