The Whistleblower Protection Act (Official Gazette 46/22) regulates the whistleblowing procedure, whistleblower rights, obligations of public authorities, legal entities and natural persons with respect to whistleblowing and other issues relevant for whistleblowing and whistleblower protection.
Within the meaning of this Act, a whistleblower is a natural person who reports irregularities related to the performance of work for the employer, while a trusted person is an employee hired by the employer or a third party appointed to receive irregularity reports and to handle the whistleblowing procedure.
Irregularities are violations of the law and other regulations and negligent management of public goods, public funds and EU funds which endanger public interest and are related to the performance of work for a particular employer which affects financial interests of the European Union (including areas such as prevention of money laundering and terrorist financing, product safety and compliance, transport safety, environmental protection, radiation protection and nuclear safety, food and feed safety, animal health and welfare, public health, consumer protection, privacy and personal data protection and security of network and information systems, protection of competition, tax irregularities, etc.).
A whistleblower is entitled to protection in accordance with the whistleblowing procedures stipulated by the Act, legal protection, compensation, protection of identity and confidentiality.
A trusted person is obligated to:
The irregularity report must contain information about the reporting party, information about the person(s) being reported, description or information about the irregularity being reported and report date (Report Form).
Irregularity reports may be submitted using the prescribed form to the trusted person or their deputy by e-mail at: firstname.lastname@example.org.
Personal Data Processing
Any personal data processing, including the exchange or transmission of personal data to competent authorities, is carried out in accordance with the General Data Protection Regulation (GDPR) and national law. Personal data which is manifestly not relevant for the handling of a specific report will not be collected or, if accidentally collected, will be deleted without undue delay.