The former draft law on whistleblowing channels has been superseded by Law 2/2023 on the protection of informants. This article is therefore updated as historical context and a practical explanation of what changed from the draft to the current obligation.
In this article we will discuss...
From draft law to Law 2/2023
Law 2/2023 regulates internal reporting systems, protection against retaliation and the guarantees that apply when a person reports regulatory infringements or corruption-related conduct.
Which companies should pay attention?
- Companies with 50 or more workers.
- Entities subject to sector-specific obligations, even with fewer employees.
- Organisations that already have internal channels and must adapt them to current law.
Data protection in whistleblowing channels
The channel involves processing personal data of informants, affected persons, witnesses and investigators. The AEPD has its own Informant Protection Channel, integrated into its internal reporting system.
For a full practical guide, see our updated article on the mandatory whistleblowing channel in Spain.
Conclusion
The question is no longer whether there will be a law, but how to comply with Law 2/2023: secure channel, confidentiality, deadlines, system manager, informant protection and data processing documentation.
