Webinar 'Whistleblowing from data protection perspective: National experiences and knowledge sharing'

 

Webinar

WHISTLEBLOWING FROM DATA PROTECTION PERSPECTIVE:
NATIONAL EXPERIENCES AND KNOWLEDGE SHARING

(only english language)

 

On Thursday, October 26, from 2:00 to 4:00 p.m., the webinar "Whistleblowing from data protection perspective: National experiences and knowledge sharing" will be held. The online event is organized in cooperation with the Czech Association for Protection of Personal Data with which Federprivacy has initiated a collaboration.

 

During the webinar, which will be held in English, four experts from the Czech Republic, Italy, France and Germany will take part. During their presentations, the speakers will describe how the European Directive on whistleblowing has been transposed in their country and which are the main critical issues, and then answer a series of practical questions on the topic.

 

The Italian implementation of the Whistleblowing directive presents us with two interesting issues. Firstly, the legitimation of a report directly sent to the external channel whenever the requirements are wrongfully thought as existent by the whistleblower. Secondly, the qualification of the member of the Surveillance Body, which has been designated as the receiver of the report in the internal channel, as a Data Processor, when he has already been qualified as internal authorized personnel in his general duties as a member of the Surveillance Body per L. decree 231/2001.

 

Abstract - Every implementation of a European directive at the national level has its physiological nuances, but with the Legislative Decree 24/2023, which implements in Italy the European Directive 2019/1937, a few issues arose. Article 6 of the decree contains a very detailed list of cases in which the whistleblower can directly report to the external channel, which in Italy is the ANAC’s website platform, contains a few open clauses. These open clauses could result, in the case in which the whistleblower wrongfully consider one of the listed requirements as existing, in a report which, while being substantially founded, is procedure-wise illegitimate. What is the fate of such report? The second issue regards the qualification of the Surveillance Body member as a receiver of the report for the internal channel. While the Italian National Data Protection Authority has qualified him for the general corporate liability regulation as “authorized personnel” as for art. 29 of the GDPR, his activities as the receiver of the report qualify him as a “Data Processor” as for art. 28 of the GDPR. Is this double role legitimate in the eye of the data protection regulation?

 

Speakers:

 

Avv. Matteo Alessandro Pagani - Criminal defense attorney, he has experience in various fields, including occupational safety, corporate crimes and fiscal law. Since 2001, he has been an expert in Compliance and he is President or external member of Supervisory Bodies of numerous companies and entities in the pharmaceutical, nutraceutical, commercial, manufacturing, and non-profit sector.

 

Dott. Alessandro Burro -  Graduated from the Faculty of Law with a thesis on the monetization of personal data, qualified to practice as a lawyer, he has, over the last few years, supported many companies and entities in complying with personal data protection regulations, in the management of personal data violation events as well as in the relations between companies and the Italian Data Protection Authority.

 

Basile Guley (France) - Compliance lawyer in a “compliance directorate” at CNIL.

 

Rohia Hakimová (Czech Republic) - Group AML & Compliance Officer at CTP and executive Board Member of the Czech Compliance Association.

 

Regina Muehlich (Germany) – Business lawyer expert in data protection and managing director of the management consultancy AdOrga Solutions GmbH.

 

Participation is restricted to Federprivacy members who can register by booking (logged) from this page.