Poland – New Act on the protection of whistleblowers

What’s new?

On 24 June 2024, Poland published the Whistleblower Protection Act (Act). The Act establishes rules and procedures aimed at protecting whistleblowers. Entities employing 50 or more people must establish internal whistleblowing procedures.

To whom does the Act apply?

The headcount threshold is assessed as of 1 January or 1 July of a given year and includes employees and persons performing paid work on a basis other than employment. No threshold applies to companies conducting financial, transport safety and environmental protection activities, which must have an internal whistleblowing procedure in place irrespective of the number of employees.

Who is a whistleblower?

A whistleblower is an individual who reports certain types of wrongdoing in a work-related context. Whistleblowers can report on breaches of the law in areas such as money laundering, data protection, and safety compliance, among others.

What are the employer’s obligations?

An internal reporting procedure must be established following 5 – 10 days of consultations with workplace trade unions or, in the absence of a trade union, representatives of persons performing work for the legal entity. The internal reporting procedure enters into force seven days after being communicated to employees.

The internal reporting procedure must include:

  • A designated person who is authorised to receive internal reports.
  • How the internal reports should be transmitted (reporting channels).
  • Who is authorised to take follow up actions, including investigations.
  • A procedure for dealing with anonymous reports.
  • The obligation to confirm receipt of the report to the whistleblower and the maximum time for providing a reply.
  • The duty for follow-up actions to be undertaken with due care.
  • Comprehensive information on how to submit an external report to the Commissioner for Human Rights or other appropriate authority.

What are the penalties for violating the Act?


So, what should employers do now?

Employers should set up internal reporting channels, develop or review internal policies regarding reporting irregularities, establish internal reporting procedures and give appropriate training to individuals designated as being responsible for managing reports. If you need any support with this or would like any further information, please get in touch with a member of the MDR ONE team.
