In France, before implementing a whistleblowing process, a company must inform and consult with its employees’ representatives, inform its employees and notify the French Data Protection Agency (CNIL).
There are two possible ways to notify the CNIL of a whistleblowing system:
By a decision dated October 14, 2010, and published on December 8, 2010, the French Data Protection Agency (known under the acronym CNIL) revised the deliberation that it issued on December 8, 2005.
At that time, the CNIL had issued a deliberation to reach a compromise between the United States’ Sarbanes-Oxley (“SOX”) requirements and French law. According to Article 1 of that deliberation, companies were authorized to adopt whistleblowing systems implemented in response to French legislative mandates, regulatory internal control requirements (e.g. regulations governing banking institutions), or the whistleblowing requirements of the SOX Act. According to Article 3 of the 2005 deliberation, alleged wrongdoings not encompassed within these core areas may be covered by the whistleblowing system only if vital interests of the company or the physical or psychological integrity of its employees were threatened.
…
Proskauer and our platform provider LexBlog each use cookies to personalize content and ads, to provide social media features and to analyze traffic. Each of us also share information about your use of our site with our social media, advertising and analytics partners. If you are happy for us to store these cookies on your device please click ‘Accept Cookies.' For more information, please see here and here.
