Privacy and compliance experts warn that the GDPR leaves gray areas when it comes to data collected via whistleblowing hotlines, which often channel highly sensitive allegations from corporate staff to management.
Questions range from how the rules will apply to whistleblowing on a national basis, to how big fines for violations will be, and how to balance individuals’ privacy rights against companies’ need to pursue investigations.
Vera Cherepanova, a compliance consultant based in Milan, comments, “For compliance officers, the problem is that we are not the center. We are not the key concept of the GDPR and basically no one is issuing any official information for us.”