Can the roles of DPO and whistleblowing officer be merged?
Personal data protection and whistleblowing are two different topics — different regulations with different purposes, scope and requirements. But, in fact, they are closer than they seem, especially for practical reasons. Both data protection governance and whistleblowing systems are often exercised by the same unit — the compliance department — or even by the same person. This solution offers several advantages, but also some problematic points that need to be highlighted and clarified in advance. Why is this question topical, especially in the EU? The answer is clear: The EU Whistleblower Directive that went into effect December 2021 significantly expands the range of organizations obliged to implement a whistleblowing process. According to the directive, every employer with more than 50 employees and a number of public entities must set up a confidential reporting channel, appoint a person to investigate reports (whistleblowing officer) and protect the whistl