Whistleblowing in Malta is currently regulated by the Whistleblower Protection Act (Chapter 527 of the Laws of Malta), which protects whistleblowers from harmful actions for raising a legitimate disclosure about a practice. inappropriate, including corrupt practices, however, this law has limited application in that it only applies to certain government entities, voluntary organizations that raise more than € 500,000 in donations and public collections and, the few private sector organizations that employ more than 250 people and meet a very high threshold in terms of total record balance and / or annual turnover.
The European Directive on the Protection of Whistleblowers (2019/1937) was promulgated in December 2019 and EU Member States, including Malta, have until December 17, 2021 to transpose the directive. Employers with more than 250 employees will be required to comply with the new rules as soon as they are transposed. However, by way of derogation, a transitional period may be established for employers in the private sector employing 50 to 249 employees, in which case compliance with these legislation must be in place by December 17, 2023 at the latest. it has yet been announced whether Malta will adopt such a transition period.
The directive aims to promote a safe and secure way for people to report and denounce wrongdoing in their working environment. Private companies and public entities to which the Directive applies will need to put in place effective internal reporting channels, ensuring confidentiality and compliance with data protection laws. The directive aims to provide protection against harmful actions, including victimization when reporting. Companies must therefore have clear, easily accessible and free information on reporting procedures, protective measures, available remedies and access to advice.
Businesses need to assess their existing policies and determine whether they already are or will become obligated to deploy a whistleblower policy in conjunction with a full-fledged whistleblower system that works in practice. Launching a whistleblower mechanism does not happen overnight, rather it requires a detailed process that ensures that the system complies with whistleblower legislation, as well as ancillary rules such as GDPR, which is likely to justify a pre-launch data protection impact assessment exercise. HR teams and employees also need to be trained, knowing how to identify and manage alerts, as opposed to complaints handling and disciplinary processes.
We continue to monitor developments and will post further updates on this.