Whistleblowers Protection Act (full name: Protection of Persons Who Report Breaches or Publicly Disclose Information on Breaches Act) (the Act) was adopted at second reading on the Parliament’s last working day and promulgated in the State Gazette.
Below are the most important points you need to know:
The Act’s scope is broad, and concerns reports of breaches of the Bulgarian or European law across a broad spectrum, such as: public procurement; employment law; product safety and compliance; public health; consumer protection; food safety; financial services, products and markets and the prevention of money laundering and terrorist financing; privacy and personal data protection; transport security; environmental protection and many others.
In brief, the Act provides for:
The Act comes into effect on May 3, 2023. Employers in the private sector with 50 to 249 employees have to comply with the obligation to provide an internal reporting channel until December 17, 2023.
In order to ensure the processing of internal reports, employers are obliged to take a number of actions such as designating persons who will handle/review them, keeping a register of the reports, defining the terms and conditions for submitting reports and publishing them on the internet and in prominent places in their offices, etc.
In addition, the Personal Data Protection Act (PDPA) requires employers to adopt specific policies and procedures when using a reporting/whistleblowing system which contains information on the scope, obligations and methods of its implementation in practice. The application of the new Act could lead to the use of such a system, as well as to the need not only to update certain already existing documents relating to personal data protection (notices, registers under Article 30 GDPR, etc.) but also to develop and adopt such specific rules within the PDPA.
Last but not least, depending on how the rules and procedures under the Act are implemented, certain employment law requirements may also need to be complied with (e.g. ensuring that workers/employees are involved in the process of adopting the relevant acts).