EU countries, the majority of them have no specific legislation or regulation on the subject.
A major headache for U.S. companies doing business overseas is the Whistle Blower systems and codes of conduct that should be tailored to comply with each European nation's data privacy laws.
Many U.S. companies didn't take the time or effort to adapt their codes of ethics and Whistle Blower mechanisms to EU data protection principles, and many companies "may not be fully informed or compliant with EU data protection laws."
Nearly two years after a German court ruled that Wal-Mart's proposed Whistle Blower process violated German law, creating headaches for U.S. multinationals trying to implement Whistle Blower systems to comply with Sarbanes-Oxley, Germany has finally published its own set of guidelines for companies to impose such systems without violating local laws.
France's data protection agency, the Commission Nationale de l'Informatique et des Libertes, issued guidance in November saying all businesses must get government approval of their Whistle Blower schemes after two American companies violated French data protection laws.
Some countries require companies to get approval from the data protection authorities to implement a Whistle Blower hotline. In France, Sarbanes-related hotlines must be approved by the CNIL (Commission Nationale de l'Informatique et des Libertes). In Germany, they must be approved by each company's Works Council.
To comply with the law, he says companies may need to set up separate Whistle Blower systems in each EU member state
Great Britain and Ireland, won't require approvals.
The French model [of online, speedy approval] is going to be adopted by other EU countries, but it's a country by country issue.
|
