In France, before implementing a whistleblowing process, a company must inform and consult with its employees’ representatives, inform its employees and notify the French Data Protection Agency (CNIL).
There are two possible ways to notify the CNIL of a whistleblowing system:
- request a formal authorization from the CNIL (this is quite burdensome and difficult to obtain), or
- opt for the standard whistleblowing authorization (AU-004).