Secure and centralised Whistleblow system

Granite Whistleblow

ISO 27001 and GDPR-compliant, secure and user-friendly whistleblowing channel that meets the requirements of the EU directive.

EU Whistleblowing Directive — what is it about?

The EU Whistleblowing Directive is intended to ensure that whistleblowers who detect breaches of EU law in their work can report them without being subject to negative measures. The Directive requires acknowledgement of receipt and feedback to be given within a specified time limit.

What does the Whistleblowing Directive require?

The EU Whistleblowing Directive obliges the creation of a whistleblowing channel in which the whistleblower’s identity is protected. All reports of suspicions of misdemeanours must be recorded and processed professionally, and an acknowledgement of receipt must be given to the person submitting the report within seven days of receiving the report. A whistleblower must be given feedback on the handling of the report within three months.

Granite Whistleblow features

  • Receive whistleblower reports
  • Document the investigation and tasks
  • Meet the requirements of the Directive and legislation
With the Granite Whistleblow reporting tool, reports can be made anonymously via the channel or by the organisation’s own investigation or audit. Process the reports in a timely manner and conduct the investigation with high-quality documentation. The whistleblower receives a link and a PIN code to have an anonymous conversation with the processor. IP addresses are not stored in the Granite environment.

Secure and regularly audited service

  • A comprehensive data protection impact assessment (DPIA) has been carried out on Granite’s Whistleblow channel. The information security of Granite’s technical platform is audited comprehensively once every 12 months by an external expert
  • The data of all services is located in Finland in an ISO27001-certified data centre. The backups are located in another data centre in Finland
  • All data traffic between the user and the service is encrypted. The data on the servers is encrypted
  • No logs are created for activities performed by anonymous whistleblowers
  • Investigators’ and administrators’ actions, on the other hand, are recorded in detail, and there is an automatic audit trail for them, making it easy to check the activities performed by the users

Automate management measures and reporting

  • Granite’s Whistleblow channel also includes a comprehensive investigation and processing process. The investigation process guides the investigator to take into account the requirements of the Directive and GDPR with regard to deadlines and the processing of personal data, among other things
  • Our product automatically gives alerts of new reports and situations in which an investigation is not started fast enough
  • Granite Whistleblow also includes an anonymous real-time chat function between the whistleblower and the investigator. This makes it possible to request additional information and inform the whistleblower, even in completely anonymous notifications

Easy to use. Good reporting features. Well-structured templates.