Though still very much a work in progress, with no enforcement expected before 2024, organizations would do well to start evaluating the impact of the draft NIS.2 directive proposal on their current security posture. The presentation of Mr. Pieter Byttebier (Centre for Cyber Security Belgium) is a very good start for this exercise.
Cyber Talk: Do’s and don’ts for the set-up of your whistleblowing system
1 June 2021 – Cyber Security Coalition
Time running out to get whistleblowing organized?
If you are an organization with 250 or more employees, you must have a whistleblowing system up and running by the end of this year. Get the ‘do’s and don’ts’ right!
The ‘European Directive on the protection of persons who report breaches of European law’ requires companies in many industries to have a ‘whistleblowing’ system up and running by December 17th of this year (companies with 250 or more employees), or by December 17th 2023 at the latest (companies with 50–249 employees). Whether you are on top of this obligation, or only starting out, you will benefit from the cyber talk by Mona Caroline Chammas and Catherine de Dorlodot, respectively Founder and Expert Counsel at GOVERN&LAW, on ‘The do’s and don’ts for the set-up of your whistleblowing system’.
Is a whistleblowing system yet another bothersome and expensive obligation? Actually, no. People very rarely abuse a whistleblowing system, while very often raising valid concerns (50+ percent of cases). But you must do it right, with strong attention paid to the anonymity and support of whistleblowers (they are often ‘fragile’). Do get management buy-in, with the right foundations (ethics, policies…) and with the managerial courage the system requires (admitting to problem situations). A whistleblowing system is more than buying a tool (a phone works fine too): it needs a suitable balance between all aspects (security, specific laws, HR…) and clear, well-communicated access for everyone in the organization. And go for a broad scope of topics.
A whistleblowing system can be organized internally (also with the help of outside services), or externally (calling upon a designated authority). Smaller companies can share a whistleblowing system. Too expensive? Do understand that virtually all whistleblowers raise alerts ‘in good faith and in the interest of the company’ if offered the opportunity and means (thus rendering outside leaks to the press etc. unnecessary). Finding out about fraud and other messes will save money and avoid costs, making for an interesting ‘ROI’. Indeed, companies with whistleblowing systems find out more often and faster about infringements than companies without them. If you do not hear about any problems, it does not mean they are not festering in your company. So check out this presentation and www.whistleblowing.center, whether you are new to whistleblowing systems or already well ahead.
Other blog posts
In this GDPR anniversary webinar, three privacy experts focus on the challenges they face when assessing and implementing government measures adopted in the fight against COVID-19. The Corona pandemic has raised awareness of the importance of privacy, not only in our private lives but also in the employer-employee relationship, and of the need for broader democratic scrutiny of privacy-threatening technologies.
One main objective of the European Cyber Security Act is to inform business and consumers about the security of ICT products, processes and services, through certification schemes. This webinar provides solid information about the present status of the Act's implementation.
This session of the Privacy Focus Group provides a valuable and practical primer for gaining more insight into the issue of international data transfers after Schrems II and Brexit.
The webinar teaches you that information security must be handled in a structured way. Three Coalition members explain how frameworks such as CISM, NIST and ISO 27001 certification can support you in your role as CISO.