We take a look at the implications of the General Data Protection Regulation (GDPR) for whistleblowing systems.
Right to be Forgotten
GDPR also underlines the ‘Right to be Forgotten’. This includes the requirement that personal data be erased after being completely processed. Article 17 describes the conditions for the erasure of data: either the data is no longer relevant to the original purposes of processing, or the data subject withdraws his or her consent for data processing. In contrast to email or phone reporting, a digital whistleblowing system can easily meet erasure requirements by providing reporters and compliance teams options like data anonymization in a simple and structured manner.