Whistleblowing Policy Section Checklist In The United Kingdom
Section name | Section purpose | Relevant organisation type | UK compliance note | Example wording concept |
|---|---|---|---|---|
Essential | ||||
Purpose of the policy | Explains why the organisation has a whistleblowing procedure and encourages lawful reporting of serious wrongdoing. | All organisations | Supports transparency and helps workers understand how protected disclosures are handled in the UK. | This policy explains how to raise concerns about serious wrongdoing at work. |
Scope and who is covered | Identifies who may use the procedure, such as employees, workers, agency staff, contractors and trainees. | All organisations | UK whistleblowing protection applies broadly to workers, not only employees. | This procedure is available to employees, workers, agency workers, contractors and other individuals working with us. |
What is whistleblowing? | Defines whistleblowing as reporting certain types of wrongdoing in the public interest. | All organisations | Protected disclosures must usually concern specified wrongdoing and be made in the public interest. | Whistleblowing is raising a concern about suspected wrongdoing, risk or malpractice affecting others. |
Concerns covered by the policy | Lists examples of reportable concerns, such as criminal offences, legal breaches, health and safety risks, environmental damage and cover-ups. | All organisations | Categories should align with qualifying disclosures under section 43B of the Employment Rights Act 1996. | Examples include fraud, bribery, unsafe practices, environmental harm, legal breaches or concealment of these matters. |
Matters not covered | Distinguishes whistleblowing from personal grievances, employment complaints and routine workplace issues. | All organisations | Personal grievances are usually handled under grievance procedures unless they involve wider public interest wrongdoing. | Personal employment complaints should normally be raised under the grievance procedure unless they involve wider public interest concerns. |
Internal reporting channels | Sets out who workers can contact and how to raise a concern internally. | All organisations | Clear channels reduce delay and help organisations address concerns before external escalation. | Concerns may be raised with your line manager, HR, compliance officer or designated whistleblowing contact. |
Alternative reporting route | Provides a route where the usual manager is involved, unavailable or unsuitable. | All organisations | Good practice is to offer more than one route so concerns are not blocked by local management. | If your concern relates to your manager, you may report it directly to HR, a director or the whistleblowing officer. |
Recommended | ||||
External disclosures and prescribed persons | Explains when workers may report concerns externally and signposts prescribed regulators and bodies. | All organisations | Disclosures to prescribed persons can be protected if the legal conditions are met. | You may be able to raise certain concerns with a prescribed regulator, such as the HSE, FCA or Charity Commission. |
Anonymous reporting | Explains whether anonymous concerns are accepted and how anonymity may affect investigation and feedback. | All organisations | Anonymous reports should not be ignored, but anonymity can make investigation and updates more difficult. | We encourage named disclosures, but anonymous reports will be considered where enough information is provided. |
Essential | ||||
Confidentiality | Explains how the whistleblower's identity and report will be kept confidential where practicable. | All organisations | Confidentiality should be promised carefully because disclosure may be required for investigation, legal duties or regulatory reporting. | We will keep your identity confidential so far as reasonably practicable and lawful. |
Protection from dismissal | States that employees must not be dismissed for making a protected disclosure. | All organisations | Dismissal for making a protected disclosure is automatically unfair under section 103A of the Employment Rights Act 1996. | No employee will be dismissed because they have made a protected disclosure. |
Protection from detriment and retaliation | Prohibits victimisation, disciplinary action, demotion, threats or other adverse treatment for whistleblowing. | All organisations | Workers have the right not to suffer detriment because they made a protected disclosure. | Retaliation against anyone who raises a genuine concern is prohibited and may result in disciplinary action. |
Reasonable belief and public interest | Explains that protection depends on a reasonable belief that the disclosure tends to show relevant wrongdoing and is in the public interest. | All organisations | UK law no longer requires good faith to qualify, but bad faith may affect compensation. | You do not need proof, but you should reasonably believe the concern is true and in the public interest. |
Recommended | ||||
False or malicious allegations | Explains the difference between mistaken genuine concerns and knowingly false or malicious allegations. | All organisations | Disciplinary action should be limited to knowingly false or malicious reports, not genuine concerns that are unproven. | No action will be taken against a person who raises a genuine concern that is not upheld. |
Acknowledgement of concerns | Sets expectations for confirming receipt of a disclosure and explaining next steps. | All organisations | Prompt acknowledgement helps evidence that the organisation took the disclosure seriously. | We will acknowledge receipt of your concern and explain how it will be considered where practicable. |
Initial assessment and triage | Explains how the organisation decides whether a concern falls under the whistleblowing policy and what action is needed. | Medium and large businesses | Triage helps separate whistleblowing matters from grievances, safeguarding, fraud, data breach or disciplinary issues. | An initial review will determine whether investigation, referral or another procedure is appropriate. |
Essential | ||||
Investigation process | Describes how concerns will be investigated, by whom, and with what degree of independence. | All organisations | Investigations should be fair, impartial and proportionate to the seriousness of the concern. | A suitable person independent of the matters raised will investigate where appropriate. |
Recommended | ||||
Independence and conflicts of interest | Requires conflicts to be identified and prevents implicated people from controlling the investigation. | Medium and large businesses | Independence is especially important for regulated firms, boards, charities and public bodies. | Anyone named in or materially connected with the concern will not lead the investigation. |
Feedback and outcome updates | Explains what updates the whistleblower can expect and the limits caused by confidentiality and data protection. | All organisations | Outcome information may be limited to protect other employees, legal privilege and confidential disciplinary matters. | We will provide appropriate feedback where possible, but may be unable to share full investigation details. |
Indicative timescales | Provides realistic target times for acknowledgement, assessment, investigation and updates. | All organisations | Timescales should be flexible enough for complex investigations but clear enough to maintain confidence. | We aim to acknowledge concerns within a few working days and provide updates where reasonably possible. |
Escalation if dissatisfied | Explains what a whistleblower can do if they believe the concern has not been properly addressed. | All organisations | Escalation routes can reduce unnecessary external disclosures and help senior leaders identify unresolved risks. | If you remain concerned, you may escalate the matter to a director, trustee, board committee or prescribed body. |
Record keeping | Explains how disclosures, decisions, investigations and outcomes will be documented and retained. | All organisations | Records should be accurate, access-controlled and kept no longer than necessary under UK GDPR storage limitation principles. | We will keep appropriate records of disclosures and investigations in line with data protection requirements. |
Essential | ||||
Data protection and privacy | Explains how personal data in whistleblowing reports will be collected, used, shared and retained. | All organisations | Whistleblowing files may contain special category data, criminal allegation data or confidential employee information. | Personal data will be processed lawfully, securely and only for appropriate whistleblowing and related purposes. |
Optional | ||||
Legal privilege and confidential advice | Explains that some investigation material or advice may be legally privileged or confidential. | Medium and large businesses | Useful where serious allegations may require legal advice, regulatory notifications or litigation risk management. | Some investigation material may be confidential or subject to legal professional privilege. |
Recommended | ||||
Governance and board oversight | Identifies senior responsibility for whistleblowing arrangements and reporting to the board or equivalent body. | Medium and large businesses | The UK Corporate Governance Code expects boards to ensure workforce concerns can be raised in confidence and, if desired, anonymously. | The board has oversight of whistleblowing arrangements and will receive periodic reports on themes and effectiveness. |
Designated whistleblowing contact | Names or describes the role responsible for receiving concerns and coordinating the process. | Medium and large businesses | A clear owner improves accountability and consistency, especially where multiple reporting routes exist. | The HR Director, Compliance Officer or another nominated person will coordinate whistleblowing matters. |
Reporting to senior management | Explains when serious or recurring concerns will be reported to senior leaders, trustees or the board. | Medium and large businesses | Senior oversight helps identify systemic risks, failures of controls and recurring cultural issues. | Material concerns and trends will be escalated to senior management or the board as appropriate. |
Training and awareness | Explains how staff and managers will be informed about the policy and their responsibilities. | All organisations | Manager training reduces mishandling, retaliation risk and confusion with grievance procedures. | Managers will receive guidance on recognising protected disclosures and responding appropriately. |
Manager responsibilities | Tells managers how to respond to concerns, preserve confidentiality and avoid retaliation. | All organisations | Managers can create liability risk if they dismiss concerns, victimise workers or fail to escalate protected disclosures. | Managers must treat concerns seriously, maintain confidentiality and seek advice before taking action. |
Support for whistleblowers | Identifies internal and external support available to people raising concerns. | All organisations | Signposting independent advice can help workers understand their rights before making external disclosures. | You may seek confidential advice from Protect or another appropriate adviser. |
Optional | ||||
Wellbeing and employee assistance support | Signposts wellbeing support where raising or being involved in concerns may cause stress. | Medium and large businesses | Useful where investigations may affect mental health, workplace relationships or safety. | Confidential wellbeing support is available through our employee assistance programme where applicable. |
Essential | ||||
Disciplinary action for retaliation | Warns that victimising or retaliating against a whistleblower may be treated as misconduct. | All organisations | Disciplinary procedures should be applied fairly and consistently if retaliation occurs. | Any person who retaliates against a whistleblower may be subject to disciplinary action. |
Recommended | ||||
Fair treatment of people named in concerns | Explains that people named in a disclosure will be treated fairly and given appropriate opportunity to respond. | All organisations | Investigations should avoid prejudgment and respect employment rights, confidentiality and data protection. | Individuals named in concerns will be treated fairly and investigation findings will not be predetermined. |
Safeguarding concerns | Explains how whistleblowing concerns involving children or vulnerable adults are referred to safeguarding procedures. | Charities and non-profits | Charities, schools, care providers and public bodies may need immediate safeguarding escalation alongside whistleblowing handling. | Safeguarding concerns will be referred immediately to the designated safeguarding lead or appropriate authority. |
Health and safety risks | Explains how serious workplace safety risks can be raised and escalated urgently. | All organisations | Health and safety dangers are a qualifying disclosure category and may also require HSE reporting or urgent controls. | Immediate safety risks should be reported urgently to a manager, safety representative or designated contact. |
Fraud, bribery and financial crime concerns | Explains how suspected fraud, bribery, money laundering or financial misconduct should be reported. | Medium and large businesses | Whistleblowing may overlap with anti-bribery, anti-fraud, sanctions and anti-money laundering obligations. | Concerns about bribery, fraud, theft, false accounting or money laundering should be reported immediately. |
Regulatory breaches | Explains how suspected breaches of sector rules or licences should be reported internally or to regulators. | Regulated organisations | Regulated organisations may have separate regulator notification and conduct obligations. | Concerns about breaches of our regulatory obligations should be raised with compliance or the designated contact. |
Essential | ||||
FCA and PRA whistleblowing rules | Adds sector-specific arrangements required or expected for regulated financial services firms. | Regulated organisations | Certain FCA and PRA firms must maintain whistleblowing arrangements, appoint a whistleblowers' champion and inform staff of regulator routes. | Relevant staff may also report concerns directly to the FCA or PRA whistleblowing team. |
Whistleblowers' champion | Identifies the senior person responsible for overseeing whistleblowing arrangements in relevant financial services firms. | Regulated organisations | FCA SYSC 18 requires relevant firms to appoint a whistleblowers' champion with oversight responsibilities. | The whistleblowers' champion oversees the integrity, independence and effectiveness of our arrangements. |
Recommended | ||||
Annual whistleblowing report | Explains whether anonymised whistleblowing data will be reported to the board or regulator. | Regulated organisations | FCA whistleblowing rules require relevant firms to prepare an annual report to the governing body. | An anonymised annual report will summarise whistleblowing cases, themes and actions taken. |
Charity serious incident reporting | Explains when trustees may need to report serious whistleblowing matters to the Charity Commission. | Charities and non-profits | Charity trustees must consider serious incident reporting where significant harm, abuse, fraud or loss may affect the charity. | Trustees will consider whether a concern triggers serious incident reporting to the Charity Commission. |
Public sector reporting and escalation | Sets out internal and statutory escalation routes relevant to public authorities and public services. | Public sector bodies | Public bodies may have sector-specific routes involving auditors, commissioners, ombudsmen or inspectors. | Concerns may be escalated to the monitoring officer, internal audit, inspectorate or prescribed public body where appropriate. |
Healthcare and patient safety disclosures | Covers routes for raising concerns about patient safety, care quality or clinical governance. | Public sector bodies | NHS organisations commonly use Freedom to Speak Up Guardians and specific patient safety escalation routes. | Patient safety concerns may be raised with the Freedom to Speak Up Guardian or clinical governance lead. |
Education and school safeguarding concerns | Addresses concerns about child safety, misconduct, exam malpractice or governance in education settings. | Public sector bodies | Schools and colleges should align whistleblowing with safeguarding duties and Keeping Children Safe in Education guidance. | Child protection concerns must be raised immediately through safeguarding channels as well as whistleblowing routes where relevant. |
Optional | ||||
Proportionate process for small businesses | Adapts the procedure to a smaller structure while preserving confidentiality and alternative escalation. | Small businesses | Small employers still need to avoid dismissal or detriment for protected disclosures, even if roles are informal. | If the owner-manager is implicated, concerns may be raised with the external accountant, adviser or designated director. |
Essential | ||||
Interaction with grievance procedure | Explains when issues should be handled under whistleblowing, grievance or both procedures. | All organisations | Incorrectly treating a protected disclosure as only a grievance can increase legal and cultural risk. | Where a complaint contains both personal grievance and public interest wrongdoing, we may use both procedures. |
Recommended | ||||
Interaction with disciplinary procedure | Explains when investigation findings may lead to disciplinary action against those responsible for wrongdoing or retaliation. | All organisations | Any disciplinary action should follow a fair procedure and comply with the Acas Code where applicable. | If wrongdoing is identified, the matter may be addressed under the disciplinary procedure. |
Optional | ||||
Interaction with anti-bribery and fraud policies | Links whistleblowing with existing financial crime, anti-bribery, gifts and hospitality controls. | Medium and large businesses | A whistleblowing route supports detection of bribery and fraud risks but does not replace prevention procedures. | Bribery and fraud concerns should be reported under this policy or the anti-bribery and fraud procedures. |
Modern slavery and human rights concerns | Provides a route for reporting forced labour, trafficking, exploitation or serious supply chain abuse. | Medium and large businesses | Large commercial organisations may need transparency statements and mechanisms for identifying slavery risks. | Concerns about forced labour, trafficking or exploitation in our operations or supply chain should be reported promptly. |
Recommended | ||||
Environmental wrongdoing | Includes environmental damage, pollution, waste breaches or concealment of environmental risks as reportable matters. | All organisations | Environmental damage is expressly listed as a qualifying disclosure category under UK whistleblowing law. | Report concerns about unlawful pollution, improper waste disposal or concealment of environmental damage. |
Essential | ||||
Criminal offences | Makes clear that suspected criminal conduct can be reported under the procedure. | All organisations | A criminal offence that has been, is being or is likely to be committed can be a qualifying disclosure. | Concerns about theft, assault, fraud, bribery or other suspected criminal conduct may be raised under this policy. |
Breach of legal obligation | Includes concerns that the organisation or an individual is failing to comply with legal duties. | All organisations | Failure to comply with a legal obligation is a qualifying disclosure category under UK law. | Report serious concerns that we are breaching legal duties, licences, permits or statutory obligations. |
Concealment or cover-up | Makes clear that attempts to conceal qualifying wrongdoing are themselves reportable. | All organisations | Deliberate concealment of specified wrongdoing is included in the qualifying disclosure categories. | Attempts to conceal wrongdoing, destroy evidence or mislead auditors may be reported under this policy. |
Recommended | ||||
Urgent or emergency concerns | Explains what to do where there is immediate danger, serious harm or urgent risk. | All organisations | Emergency risks may require immediate action, emergency services, safeguarding referral or HSE contact rather than ordinary policy timescales. | If there is immediate danger, contact emergency services or the relevant safety lead without delay. |
Optional | ||||
Whistleblowing hotline or portal | Describes any dedicated phone line, online portal or third-party reporting system. | Medium and large businesses | Hotlines can support anonymous and confidential reporting but must be configured for UK data protection and access controls. | Concerns may be submitted through our confidential whistleblowing portal, available 24 hours a day. |
Third-party reporting provider | Explains the role of any external provider receiving whistleblowing reports on the organisation's behalf. | Medium and large businesses | Contracts and processor controls may be required where providers process personal data for the organisation. | Reports submitted through our external provider will be forwarded securely to authorised contacts. |
Group and overseas reporting | Explains how concerns involving group companies or overseas functions will be shared and managed. | Medium and large businesses | Cross-border handling may trigger UK GDPR international transfer and confidentiality requirements. | Where necessary, information may be shared with group compliance teams subject to appropriate safeguards. |
Recommended | ||||
Supplier, contractor and partner concerns | Allows external workers or business partners to raise concerns about serious wrongdoing connected to the organisation. | Medium and large businesses | Some contractors and agency workers may be protected workers under UK whistleblowing law. | Contractors and suppliers may use this procedure to report serious concerns connected with our activities. |
Agency workers and atypical workers | Clarifies that certain non-employee workers may use the procedure and may have statutory protection. | All organisations | Section 43K extends worker status for whistleblowing protection to certain agency and other atypical work arrangements. | Agency workers and other protected workers may raise concerns under this policy. |
Confidentiality clauses and settlement agreements | Confirms that contractual confidentiality clauses cannot prevent protected disclosures. | All organisations | Any agreement term is void so far as it purports to preclude a worker from making a protected disclosure. | Nothing in your contract or any confidentiality agreement prevents you making a protected disclosure. |
Media and wider public disclosures | Warns that public or media disclosures have stricter legal conditions and may not be protected. | All organisations | Wider disclosures may only be protected if statutory conditions are met, so independent advice is advisable. | Before making a disclosure to the media or public, you should consider seeking independent advice. |
Seeking legal advice | Explains that workers may make disclosures to legal advisers in the course of obtaining legal advice. | All organisations | Disclosure to a legal adviser in the course of obtaining legal advice is specifically protected. | You may seek confidential legal advice about your rights and options. |
Examples of prescribed persons | Lists common external bodies relevant to the organisation's sector, such as HSE, FCA, HMRC, ICO or Charity Commission. | Regulated organisations | The prescribed persons list should be kept current and tailored to the organisation's activities. | Relevant prescribed persons may include the HSE for safety, the ICO for data protection or the FCA for financial services. |
Essential | ||||
Contact details and access points | Provides practical contact information for reporting channels and support routes. | All organisations | Out-of-date contacts can make the policy ineffective and may deter timely reporting. | Reports may be sent to whistleblowing@example.co.uk or raised with the nominated contact listed below. |
Recommended | ||||
Accessibility and formats | Ensures the policy and reporting channels are accessible to disabled workers and those without digital access. | All organisations | Reasonable adjustments may be needed under the Equality Act 2010 for disabled workers using the process. | Alternative formats and reasonable adjustments are available for anyone who needs support using this procedure. |
Optional | ||||
Equality and discrimination concerns | Explains when systemic discrimination, harassment or equality law breaches may be raised as whistleblowing. | All organisations | Individual discrimination complaints may be grievances, but systemic or public interest concerns may also be whistleblowing. | Concerns about systemic discrimination or concealment of equality breaches may be raised under this policy. |
Recommended | ||||
Policy owner and review date | Identifies who maintains the policy and how often it will be reviewed. | All organisations | Regular review helps keep reporting channels, prescribed persons and legal references current. | This policy is owned by HR and will be reviewed at least annually or after material legal changes. |
Communication and publication | Explains where the policy is available and how workers are reminded of it. | All organisations | A policy that is hard to find is less likely to support early internal reporting. | This policy is available on the intranet, in the staff handbook and from HR on request. |
Monitoring and effectiveness | Explains how the organisation will assess whether its whistleblowing arrangements work in practice. | Medium and large businesses | Monitoring should consider case numbers, themes, response times, outcomes and retaliation indicators. | We will periodically review anonymised case data to improve our controls and reporting culture. |
Optional | ||||
Third-party retaliation risks | Addresses retaliation or adverse treatment by clients, suppliers, service users or other third parties. | Public sector bodies | Useful where workers regularly deal with clients, patients, service users, contractors or supply chain partners. | We will take reasonable steps to protect workers from adverse treatment linked to concerns raised about third parties. |
Essential | ||||
How to report victimisation | Provides a clear route for reporting retaliation or detriment after a disclosure. | All organisations | Promptly investigating alleged detriment helps reduce liability and protect the worker. | If you believe you have been treated badly because of a disclosure, report this immediately to HR or the designated contact. |
Optional | ||||
Interim protective measures | Explains temporary steps to protect the whistleblower, evidence and investigation integrity. | Medium and large businesses | Measures should avoid penalising the whistleblower and should be proportionate, documented and reviewed. | Temporary reporting line changes or evidence preservation steps may be used where necessary. |
Recommended | ||||
Evidence preservation | Tells workers not to destroy or improperly obtain evidence, and explains how evidence should be secured. | All organisations | Evidence handling should avoid unlawful access, data breaches and contamination of disciplinary or criminal investigations. | Do not destroy documents or access information unlawfully provide any relevant evidence you already hold lawfully. |
Optional | ||||
Police or law enforcement referral | Explains when alleged criminal conduct may be referred to the police or other enforcement bodies. | All organisations | Serious criminal, safeguarding, fraud or safety concerns may require external reporting beyond internal investigation. | Where appropriate, we may refer suspected criminal activity to the police or relevant enforcement authority. |
Recommended | ||||
Regulatory notification duties | Explains that certain concerns may trigger notification to a regulator, commissioner or funding body. | Regulated organisations | Regulator notification duties depend on sector rules and may apply even if the whistleblower requested confidentiality. | We will assess whether the concern must be reported to any regulator or statutory body. |
Optional | ||||
Audit and financial reporting concerns | Provides a route for concerns about accounting irregularities, audit manipulation or misleading financial statements. | Medium and large businesses | Listed and large entities should ensure audit committee or board routes for significant financial reporting concerns. | Concerns about false accounting, audit interference or misleading financial reports may be raised with the audit committee chair. |
Confidential business information | Explains how to raise concerns without unnecessary disclosure of confidential commercial information. | All organisations | Protected disclosure law may override some confidentiality restrictions, but disclosures should still be limited and appropriate. | Only share information reasonably necessary to raise the concern or obtain advice. |
Misuse of the procedure | Explains that the procedure should not be used to knowingly make false allegations or obstruct legitimate management action. | All organisations | Wording should not deter genuine disclosures or imply workers need proof before reporting. | Knowingly false or malicious allegations may be dealt with under the disciplinary procedure. |
Trade union or representative support | Explains whether a worker may seek support from a trade union representative or workplace companion. | All organisations | Support can help workers raise concerns clearly, but confidentiality obligations should be explained. | You may seek support from a trade union representative or appropriate workplace representative. |
Former workers | Explains whether former workers can use the reporting route for concerns arising from their work. | All organisations | Former workers may still hold relevant information and may need a route outside current staff systems. | Former workers may raise concerns connected with their work using the external reporting email address. |
Essential | ||||
Concerns involving senior leaders | Provides an independent escalation route where allegations involve directors, trustees or senior executives. | Medium and large businesses | Senior-level allegations require independence, board oversight and often external advice or investigation. | Concerns involving a director or trustee may be raised with the chair, senior independent director or external adviser. |
Recommended | ||||
Identity disclosure safeguards | Explains when the organisation may need to disclose the whistleblower's identity and whether it will discuss this first. | All organisations | Good practice is to discuss foreseeable identity disclosure unless doing so would prejudice the investigation or legal duties. | If we need to disclose your identity, we will discuss this with you where lawful and practicable. |
Optional | ||||
Learning lessons and workforce updates | Explains whether anonymised lessons from whistleblowing cases will be shared to improve trust and controls. | Medium and large businesses | Updates must protect confidentiality, personal data and fairness to people involved. | We may share anonymised lessons learned to improve controls and encourage a speak-up culture. |
What Should A UK Whistleblowing Policy Include?
A robust UK whistleblowing policy should do more than list a reporting email address. It should explain what counts as a protected disclosure, who can use the procedure, how concerns can be raised, how confidentiality will be handled, and how the organisation will protect workers from dismissal or detriment.
Why Is Protection From Detriment Essential?
Under the Public Interest Disclosure Act 1998 and the Employment Rights Act 1996, workers can bring claims if they are dismissed or subjected to detriment because they made a protected disclosure. Policies should clearly prohibit retaliation, victimisation and other adverse treatment.
Should Anonymous Whistleblowing Be Allowed?
UK good practice is to encourage named reports where possible, but still provide a route for anonymous disclosures. A policy should explain that anonymity may limit investigation, while confirming that anonymous concerns will still be considered where enough information is provided.
When Do Regulated Organisations Need Extra Sections?
FCA and PRA regulated firms need additional content covering whistleblowers\' champion arrangements, regulatory reporting routes, annual reporting and non-retaliation expectations. Charities, public bodies and regulated sectors may also need tailored escalation, safeguarding, serious incident or prescribed person sections.
How Should A Policy Handle Confidentiality And Data Protection?
Whistleblowing reports often contain sensitive personal data. The policy should explain who may access the information, when confidentiality may be limited, and how personal data will be handled under UK GDPR and the Data Protection Act 2018.

FAQs
You Might Also Be Interested In

