Scope of the new national strategy against corruption.
There is a new reality in the fight against corruption in the European Union, and Portugal, as a member, is not left out. On the contrary, it was one of the first members to transpose Directive (EU) 2019/1937 of the European Parliament and of the Council, on the protection of persons who report violations of Union law, into national law with Law No. 93/2021 of June 20, which established the General Whistleblower Protection Regime (GWPR). It also defined and implemented the National Strategy against Corruption, with Decree-Law No. 109-E/2021, the General Regulation on the Protection against Corruption (GRPC). Both laws entered into force in June 2022.
Both laws against corruption are relevant because it is recognized that fraud, corruption and irregularities in general, in society and in organizations, are phenomena that cause damage of various kinds and affect almost all sectors of activity.
The implementation of both regulations (GRPC and GWPR) is mandatory for public entities with more than 50 employees and more than 10,000 inhabitants (e.g. Local Authorities) and for private entities with more than 50 employees, as well as for other private entities covered by the exception regimes, in this case regardless of the number of employees (e.g. real estate, financial, insurance, etc.).
It is thus clear that, regardless of its compulsory nature, the implementation of the norms brings a new vision of the problem, because it:
– Increases coherence and validates the values of ethics as benchmarks of integrity in societies;
– Increases the confidence of individuals in the fulfillment of expectations in their daily social relations;
– Increases the credibility of institutions and strengthens the relationship of trust with citizens in the public sector;
– Increases credibility with customers and also with competitors in private sector organizations;
– Holistically watches over the economy and the preservation of the material assets of organizations in general, as well as the detection of tax fraud and money laundering.
What underlies the implementation of the GRPC and GWPR?
The implementation of the mandatory regulatory compliance program in organizations must observe the following needs:
1 – Adoption of a plan for the prevention of risks of corruption and related infractions, which must be updated every three years and/or whenever changes to the organizational structure of the entity call for it;
2 – Adoption of a Code of Conduct in the organization;
3 – Internal Training Program within the organization;
4 – Incorporation of a Reporting Channel, with the obligation to receive reports in confidentiality and/or with anonymization of the whistleblower;
5 – Appointment of a person responsible for compliance with the regulations and respective handling of reports;
6 – Handling of reports by a dedicated team (outsourced and/or internal to the organization).
Why a technology-based Whistleblowing Channel?
The need to be in “full compliance” with legal regulations and with “Privacy” under the General Data Protection Regulation, guaranteeing the whistleblower, in an “irrefutable” way, the total “Confidentiality” and “Anonymization” of the report, can only be met with a platform that ensures the Confidentiality, Integrity, Availability and Privacy of the processes.
Applications with a low security level, or other manual means of collecting and processing reports, can be easily compromised; in our opinion they are not in accordance with legal regulations and can easily be challenged by experts.
iBlow provides a platform for gathering and processing complaints, developed by a consortium of Information Security Auditors, a specialized legal team and a specialized vertical software development team.
The iBlow team governs the entire project, the application, the portal hosting and all the functionalities with one permanent concern: from the first moment, all decisions follow a “Security by Design” approach, with security processes built in from conceptualization. This leads us to the highest security standards and to observing the regulatory requirements that ensure the maximum possible security.
Normative requirements the platform conforms to:
ISO 37002:2021 – Whistleblowing Management Systems – Guidelines
ISO 27001 – Information Security Management System
ISO 27701 – Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management – Requirements and guidelines
GDPR – The General Data Protection Regulation is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area.
ISAE 3402 Type II – The scope of an ISAE 3402 engagement is the control set of the service organization (SOC).
SSAE 18 – Statement on Standards for Attestation Engagements no. 18, SOC 1 Type 2, SOC 2 Type 2.
WCAG 2.1 AA – Web Content Accessibility Guidelines
PCI DSS – Payment Card Industry Data Security Standard
210 961 526 – www.iblow.eu
Published at: 29/08/2022