Frequently Asked Questions about the software Legality Whistleblowing

The complete Web and mobile App system for compliance in whistleblowing management

General information

What is Whistleblowing?

The term whistleblowing refers to the process by which an informant, the so-called whistleblower, reports illegal or fraudulent conduct within an organization.

The whistleblower is generally an employee who, while carrying out the work, becomes aware of wrongdoings, irregularities, illegal and potentially harmful behavior for the organization or the community and decides to report it within the public entity or company, authorities, or the media.

The whistleblower, therefore, plays a role of public interest, as informs the company or public entity he/she belongs to about the presence of issues and dangers related to the reported misconduct or unethical behaviour.

The whistleblower is protected by detailed national and international legislation which intends reporting as a manifestation of civic sense that helps prevent corruption and bring out situations that affect good administration, the interest of the company, or the community.

Would you fancy verifying if your organization is compliant with the legislation? Contact now one of our consultants.

Why is it mandatory by law to use software to manage Whistleblowing reports?

Firstly, because, for different types of companies and public entities, it is a regulatory obligation to use a secure tool that guarantees the encryption of information and the confidentiality of the whistleblower.

To comply with international legislation on Whistleblowing and avoid fines and amends, it is necessary to have a secure reporting management software that respects the rights and confidentiality of the whistleblower, ensuring full regulatory compliance to the organization that adopts it.

Whistleblowing software is also essential to obtain ISO 37001, ISO 37002, and ISO 37301 certifications, dedicated respectively to Anti-Bribery, Whistleblowing, and Compliance.

Using software also ensures a streamlined reporting management flow that favors the well-timed reports and the prevention of more serious crimes, allowing the organization to solve issues internally with important benefits on reputation and the resources employed.

From this point of view, therefore, managing offenses through a whistleblowing software system such as Legality Whistleblowing is not only a regulatory necessity (a so-called Legal Necessity), but also a moral and financial necessity for the organization, both in the public and private sector.

Is your organization compliant with national legislation and the EU Directive? Contact now one of our consultants to find out.

If managing whistleblowing with a software management system is a necessity, what are the advantages of Legality Whistleblowing?

Legality Whistleblowing is consistently developed following best practices on whistleblowing management and in compliance with national, European, and international regulatory guidelines. Among the many advantages offered, you can find:

  • Compliance with guidelines on personal data management (GDPR)
  • High custom configuration possibilities
  • Unlimited recipient users for reports
  • Voice reporting without telephone hotline
  • Associated mobile App to reach even users less confident with ICT
  • Continuous updates and new features available to all customers
  • Legislation updates guaranteed
  • Multilingual

Find out the details of the different plans available and suitable for your organization.

What types of illicit conduct can be reported and are subject to the Whistleblowing legislation?

Illicit conduct subject to whistleblowing legislation includes all those irregular, illegal, or potentially harmful behaviors for the organization or the community.

In the case of Public Entities, there are a variety of crimes against the entity itself and the community and also includes various types of abuses and irregularities compromising the proper functioning of the organization, such as waste, false declarations, accounting irregularities, etc.

In the case of companies, illicit is any misconduct and unethical behaviour that violates the law and infringes either the principle of impartiality or company regulations, including cases of corruption, fraud, and situations harmful to collective health and safety or that generate any damage to third parties.

Such conduct is therefore different from any unlawful conduct harmful to the personal interest of the individual employee or collaborator.

Anyone reporting unlawful facts detected during work shows an ethically correct involvement and is invited to provide as many details as possible of the reported facts, reporting precise information on the times and places in which the fact occurred and providing useful elements for identifying the perpetrator of the facts reported.

Find out more about how our Legality Whistleblowing system meets the needs of every type of organization subject to regulatory compliance in managing reports of illegal conduct.

Does your organization want to avoid fines and amends by adopting a compliant IT tool? Contact one of our consultants immediately for an obligation-free quote.

Is the software available in different languages?

The desktop platform and the Mobile Legality Whistleblowing App are available in over ten professionally translated languages.

In addition to the most popular languages, the application can be configured upon request in additional languages based on the customer’s needs.

User guides, ticket support, and assistance via phone are guaranteed in Italian, English, and Spanish.

Request a custom Demo now.

Who can send Whistleblowing reports?

The whistleblower who uses an IT system to send the report of an offense can be an employee or a collaborator of the institution or company.

The possibility of sending reports is also extended to employees or collaborators of a supplier who have witnessed an offense.

All the categories of whistleblowers listed are protected by law and have the right to have a secure IT system such as Legality Whistleblowing, capable of offering technical guarantees of confidentiality of the whistleblower applied during all phases of reports management.

What guarantees are offered to whistleblowers by Legality Whistleblowing?

Anonymity, where provided, and the extreme protection of the confidentiality of the whistleblower of offenses and irregularities are at the heart of the national legislation as well as of the EU Directive. This legislation is applicable both in the public and in the private sector in all member states of the European Union.

DigitalPA is committed to applying industry best practices and translating these regulatory requirements into an excellent IT tool that guarantees maximum security and total confidentiality of data and privacy. In fact, our whistleblowing management system:

  • Allows both anonymous and confidential reports.
  • Offers an encryption system both in the transmission of data and in their conservation and, when included, the name of the reporting party is separated from the report.
  • Is supported by a certified and secure infrastructure consisting of dedicated DigitalPA servers that ensure maximum data protection and security levels thanks to the ISO IEC 27001/2017 certifications obtained with a maximum rating (Tier IV).
  • Allows you to manage the identity of the whistleblower and access to the platform in a way fully compliant with the GDPR Regulation.

Find out all the details on Infrastructure and Security.

Why does a simple email or certified email not comply with the legislation for sending a report of offenses?

The EU Directive states clearly the rules for whistleblowing management and refers to the obligation to use a secure and compliant software system.

The use of email or certified electronic email is deprecated and cannot be considered an IT channel that guarantees the confidentiality of the identity of the whistleblower required by law, as it does not ensure a protected and secure workflow, and can be intercepted by third parties involved in email management.

A tool like an email is not compliant, but simply a shortcut that produces vulnerabilities and management difficulties resulting in a solution that both public entities and companies should not take seriously into consideration.

Only a software management system can guarantee a correct flow of communication: Legality Whistleblowing ensures global compliance with legislations, as well as optimized management of cases, with automatic assignments to managers based on the type of report, and highly qualified technical assistance.

Do you want to check if your organization is compliant with national legislation and the EU Directive? Contact now one of our consultants.

How are reports handled in compliance with the law?

DigitalPA supports organizations and companies in the whistleblowing system setup phase: the cases management workflow is very simple and immediate thanks to the setting of different automatisms, including the automatic assignment of reports to specific managers.

Following the receipt of the reports, the managers must begin an investigation phase on the reported facts, and the system must allow the initiation of two-way communication with the whistleblowers, who may be invited to provide clarifications or further information and who can be updated about the progress of the status of the report.

Access to reports and sensitive data of the whistleblower, when provided, must be protected by specific permissions and by a secure infrastructure that allows effective communication avoiding any information leakage, respects anonymity and confidentiality. Everything is in total compliance with the law, which requires reports to be managed keeping separated the report archive and the dossier of whistleblower information. Exactly as it happens in Legality Whistleblowing.

Do you want to deep dive into how our whistleblowing cases management system works? Request a Demo now!

Is it possible to use the platform for multiple companies?

Yes, it is possible to configure the software in multi-tenant mode. Each company will have specific group of managers and recipients of the reports based on the business and compliance needs.

Request now a quote from one of our consultants.

How do I log in to the system?

The Web and App Legality Whistleblowing is a multi-channel SaaS service, intuitive and accessible via a web browser and also available in the mobile App version (downloadable free of charge by the whistleblower).

The use of the software does not require the involvement of IT resources within the company or organization.

Learn more about the technical features of the system on the page dedicated to Infrastructure and Security.

What features does the Legality Whistleblowing platform include?

The Web platform and App Legality Whistleblowing include all the functionalities useful to manage any case of wrongdoing reporting in a compliant and secure way.

Specifically, on the reporting side it is possible to configure:

  • Unlimited reporting users (employees and/or stakeholders)
  • Anonymous or registered reports (at the client’s convenience)
  • Written reports
  • Voice reports (in line with the EU Directive 1937/2019)
  • Unlimited types and configurable reporting forms

Looking at the reports management by the organization, on the other hand, different features and configurations are available:

  • Unlimited reporting recipients
  • Segregation of Duties (Manager, Collaborator, Third parties)
  • Automatic assignment to the appropriate, predefined manager for that type of report
  • Deadline calendar, notifications
  • Single Sign-ON upon request
  • Multi-company upon request
  • Customization of the platform (graphics and management flows)
  • Services and Assistance
  • Statistics and advanced reporting

To fully ensure compliance and avoid any potential fine or amend, technical and law updates are always included in the fee.

Legality Whistleblowing is a SaaS software and does not require programming or installation on the servers of the organization. The installation of the application on the customer’s internal servers does not guarantee the confidentiality of the reports as the internal IT services may have access to the information, exposing data to vulnerabilities.

Request now a custom Demo offered by one of our consultants.

Is it possible to manage voice reports?

Yes, it is possible to configure a voice channel on the web platform and also through the Legality Whistleblowing App. The whole process can be managed through the exchange of voice messages or also mixing voice and text modes. The use of the voice channel allows compliance with the Directive (EU) 2019/1937 as it provides the chance of attaching documents to the voice report or using the voice report as an integration of a report sent via the form.

Find out the details of the EU legislation and how Legality Whistleblowing is totally compliant, secure, and constantly updated with current regulations by contacting one of our consultants.

Is also a “telephone hotline” available?

No, voice reporting is only managed internally on the platform or mobile App. The use of external tools such as telephone hotlines and call centers is absolutely not up to regulatory standards. External tools are deprecated from the point of view of security and regulatory compliance of the application, as they do not guarantee secrecy and can cause possible data leaks, undermining the legal value of the report.

Furthermore, mediated reporting does not respect the integrity parameters requested by law.

The use of the telephone is outdated for different reasons related to confidentiality, management costs, and the quality of the service. Only if the report is made directly to those who have to manage it within the organization, compliance, confidentiality, privacy, and above all the quality of the service can be guaranteed.

In fact, only when the manager directly receives the report can be assured extreme care and quality in the management of each case, something that a call center, even if specialized, cannot match.

How many users can use the Legality Whistleblowing system?

There are no limits or additional costs on the number of recipient users or managers of the reports. Everyone (managers working in HR, compliance, anti-bribery as well as internal auditors and external subjects) can have an account with specific permissions to access the reports they are responsible for.

All available plans include the setup of an unlimited number of managers: choose the plan that best suits your organization.

What happens to the public or private employee who reports an illicit conduct through a whistleblowing software?

Anyone who reports illicit conduct cannot be sanctioned, demoted or fired because of the report.

Likewise, the whistleblower, whether public or private employee, cannot be subjected to direct or indirect pressure or discrimination affecting working conditions for any reason related to the report.

The whistleblower who suffers such disciplinary measures, or other retaliatory or discriminatory actions, can communicate them directly or through the trade union organizations.

Discover all the regulatory references relating to whistlebloging management.

Confidentiality and Security

What is the difference between confidentiality and anonymity of the report?

Confidentiality means extreme caution and the prohibition of disclosure of the whistleblower identity.

By anonymity, on the other hand, we mean the possibility of offering a reporting channel that does not require registration and the obligation to indicate personal details.

The Legality Whistleblowing platform offers both reporting channels, welcoming the regulatory indications for both the public and private sectors. You can configure the software with both channels, or even with one of the two depending on your needs.

Request now a custom quote to one of our consultants.

How is the confidentiality of the whistleblower’s identity guaranteed?

Thanks to the clear separation between the identity of the whistleblower and the report itself, Legality Whistleblowing guarantees full compliance with the confidentiality of the report.

In fact, the separation allows the content of the report to be viewed also anonymously. Any subsequent association of this report with the identity of the whistleblower is used only when deemed essential for the investigation, for example in cases where the person in charge of managing the report must request clarification and verify the facts.

Find out more about the Infrastructure Security of Legality Whistleblowing.

What are the security protocols for the protection of the reporting party’s personal data?

Legality Whistleblowing is developed and managed following the principles of Privacy by Default and Privacy by Design, and adhering to the most severe and advanced protocols for the protection of personal data and ISO 27001 Standard.

The protection of the reporter personal data is guaranteed specifically by:

  • Separation of the identity of the whistleblower from the content of the reports
  • Asymmetric encryption on content and attachments
  • App authentication via biometric credentials (fingerprint, facial recognition, etc)
  • Regulated access following GDPR with password complexity and quarterly password change (EU Regulation 2016/679)
  • Two-factor authentication
  • Sending to the reporter, by e-mail or certified e-mail, the fingerprint of the messages to guarantee the immutability of the reports (which can be activated at the discretion of the client)

System security is also confirmed by Vulnerabilty Assessment & Penetration Testing by external IT security experts carried out regularly or available upon request.

Finally, all data is stored within the EU confirming once again the regulatory compliance of the software concerning the protection of information.

Is your organization compliant with national legislation and the EU Directive? Contact one of our consultants immediately.

Legislation and Compliance

What are the regulatory obligations regarding whistleblowing management?

The main reference legislation for the regulation of wrongdoing reporting at the European level is the EU Directive no. 1937 of 23 October 2019 which establishes new rules to protect whistleblowers who reveal violations of Community law in sectors such as public procurement, financial services, money laundering, product, and transport safety, nuclear safety, public health, consumer and data protection.

The Directive requires all companies with more than 50 employees or an annual turnover of more than 10 million euros to establish safe internal channels for reporting offenses. All states, regional administrations, and municipalities with more than 10 thousand inhabitants are included in the new obligation.

By adopting Legality Whistleblowing, your organization guarantees a fully compliant IT system that complies with any regulatory update within 30 days of the publication of the standard.

Learn more by consulting the page dedicated to the Regulations, or contact a consultant to find out in detail which regulations apply in the countries where your organization operates.

Is Legality Whistleblowing compliant with the GDPR and EU legislation?

Yes. The main elements that guarantee the compliance of the Web and App system Legality Whistleblowing with the GDPR Regulation and the EU Directive 2019/1937 are:

  • Confidentiality of the whistleblower data
  • Application of strict IT security protocols
  • Highly secure methods to access the system
  • Data processing and storage within the EU
  • Multichannel configuration, thanks to the possibility of sending voice reports, as well as written ones.

Is your organization compliant with EU Directives? Contact us to receive an obligation-free consultation.

What international certifications can a company obtain using the Legality Whistleblowing software?

Thanks to the advanced security protocols and compliance with law, Legality Whistleblowing allows organizations adopting the platform to obtain different international ISO certifications, such as:

  • ISO 37001 – Anti-Bribery Management
  • ISO 37002 – Whistleblowing Management
  • ISO 37301 – Compliance Management

Certified adherence to ISO Standards offers, especially in the corporate environment, various benefits including greater business opportunities, greater trust from partners and customers, and demonstrates the company’s commitment to mitigating reputational risk and managing the risk of compliance.

Do you want to check if your company is ISO Standard compliant? Contact us for an obligation-free consultation.

Costs and Services

What is the cost of the plans and what services are included?

The Legality Whistleblowing software is offered with no licensing fee. The fee refers to:

  • Regulatory adaptation (within 30 days from the publication of the law)
  • Evolutionary adaptation, that is the constant update to the latest and more advanced technologies increasing performances and security
  • Support manuals and video guides for using the software
  • Technical support
  • Remote training (3 hours)

The cost of the plan varies according to the specific functionalities activated, the size of the organization, the need for preliminary training, the duration of the contract, and any requests for graphic and functional customization.

Consult the plans available for your organization and request a custom quote now.

How long does it take to activate the Web platform and the App?

The Legality whistleblowing system offered by DigitalPA has the advantage of being out-of-the-box and available very quickly assuring immediate verifiable regulatory compliance.

Furthermore, the availability of the service in Saas mode does not involve internal IT resources.

Contact a consultant to find out more and get a custom quote based on your needs.

Is it possible to customize the platform and make changes to the reporting system?

Yes, the reporting management system can be customized according to the needs of each organization, thanks to the configuration, for example, of reporting categories and the users responsible for their management.

The flexibility of the platform is also confirmed by the possibility for the organization to make available to the whistleblower a reporting system accessible with or without registration, or by offering both options.

The customization also extends to the adaptation of the layout to the brand identity of the organization, and to the inclusion of custom content and policies.

The home page of the platform and the App can be further customized upon request.

It is also possible, upon request, to integrate the platform with the customer’s Active Directory.


Are technical support and assistance included?

A complete and reliable solution such as Legality Whistleblowing cannot be separated from 5-star technical support and assistance. Our team of specialists, with years of experience in the field of whistleblowing, ensures and guarantees immediate support absolutely included in the platform usage fee.

The user guides, ticket support, and assistance via telephone are guaranteed in Italian, English, and Spanish.

If further regulatory or training support is required, DigitalPA also offers specialized consultancy that can be quoted separately.

Talk to a DigitalPA consultant to find out more.

Contact us