Find Answers to your Questions


GDPR stands for General Data Protection Regulation and is the European Union’s (EU) rules on the protection of all individuals’ personal data. Businesses, amongst others, are obligated to comply with the requirements set out in the Regulation, e.g., to have a legal basis for processing, to inform the individuals concerned about the processing, to ensure fundamental rights, and to make sure that there is a basis for the transfers of personal data.

As a main rule GDPR covers all types of personal data. In general, a distinction is made between general personal data (e.g., name, e-mail address, address, etc.), special categories of personal data (e.g., health, racial or ethnic origin, etc.), and data on criminal offences and convictions.

The GDPR applies when a public authority, a business, an individual, etc., processes personal data on individuals, regardless of where the public authority, business, or individual is located, or where the data processing takes place.

The GDPR Solution provides tools and resources to help businesses streamline compliance efforts, including data inventory and mapping, consent management, management of data subjects’ rights, breach notification capabilities, and help with documentation requirements.

Non-compliance with the GDPR can result in severe penalties, including fines of up to € 20 million or 4 pct. of the company’s global annual revenue, whichever is higher. Additionally, businesses may suffer reputational damage, loss of customer trust, and legal action from data subjects.

Compliance with the GDPR is a shared responsibility within an organization, with accountability resting primarily on senior management and the Data Protection Officer (DPO), if appointed. However, all employees who handle personal data must be aware of their obligations and contribute to compliance efforts.

In the GDPR distinction between the data controller and processor is made when legal persons (e.g., public authorities, businesses, or organizations) or individuals process personal data on behalf of other legal persons or individuals. The data controller is responsible for compliance with the GDPR, and that a data processing agreement (‘DPA’) is in place.

Whistleblowing FAQ

The European Union (EU) has adopted the Whistleblower Directive, which sets out the minimum requirements for the protection of whistleblowers and the creation of reporting channels. The Whistleblower Directive must be implemented in the law of the Member States. Therefore, every Member State was after the 17th of December 2021 required to have a national law on the protection of whistleblowers, although not all Member States have implemented it yet.

The rules on the protection of whistleblowers provide, that companies with 50 or more employees after the 17th of December 2023 must establish an internal reporting channel, where employees can report breaches of law, acquired in a work-related context.

Whistleblowers can through the internal reporting channel submit reports on breaches of the law, regarding certain EU regulations (e.g., financial services, transport safety, consumer protection). The Member States can also extend the coverage of application, which is seen in e.g., Denmark, where the scope of application is extended to e.g., severe harassment and sexual harassment, fraud, theft, and black mailing.

After a report has been submitted, our assigned persons authorized to receive reports in our Screening Team will screen the report, and provide feedback to the whistleblower with discretion. If the report falls under the scope of the relevant whistleblower rules, we might determine to move forward with the case, and file a report to the management of the business or include the relevant public authorities.

Whistleblowers who have submitted a breach of the law through the internal reporting channel are protected against retaliation, e.g., against dismissal and a negative performance assessment. Information from which the identity of the whistleblower may be directly or indirectly deduced is treated as confidential information, and is subject to a special duty of confidentiality.

Yes. A company must provide information on the procedures for making the report in a visible place, accessible to the persons covered by the company’s internal reporting channel. Depending on circumstances, a visible place could, e.g., be the company’s website. To the extent that the reporting channel is made available only to employees of the company, the intranet may also be an appropriate place.

A company must keep written records of the establishment and procedures of an internal reporting channel if they are required to have one. Among other things, this means that a company must be able to demonstrate that a whistleblowing unit has been appointed, that a reporting channel has been established to which reports can be made, and that the reporting channel has been designed following the requirements in the national law, that implements the Whistleblower Directive.

The Whistleblower System can be up and running in two weeks from the signing of the agreement. During this time, you will be provided with technical onboarding and have an online onboarding meeting with our Customer Success Team in your local language.

Do you still have a question? Feel free to contact us or book a demo of our solutions.​​

We are here to help! Whether you need clarification on our products, assistance with navigating our services, or simply want to learn more, do not hesitate to reach out.
Additionally, if you are interested in seeing our solutions in action, we would be happy to schedule a personalized demo tailored to your needs.