Article 61
1. Member States shall ensure that competent authorities establish effective and reliable mechanisms to encourage the reporting to competent authorities of potential or actual breaches of the national provisions transposing this Directive.
2. The mechanisms referred to in paragraph 1 shall include at least:
|
(a) |
specific procedures for the receipt of reports on breaches and their follow-up; |
|
(b) |
appropriate protection for employees or persons in a comparable position, of obliged entities who report breaches committed within the obliged entity; |
|
(c) |
appropriate protection for the accused person; |
|
(d) |
protection of personal data concerning both the person who reports the breaches and the natural person who is allegedly responsible for a breach, in compliance with the principles laid down in Directive 95/46/EC; |
|
(e) |
clear rules that ensure that confidentiality is guaranteed in all cases in relation to the person who reports the breaches committed within the obliged entity, unless disclosure is required by national law in the context of further investigations or subsequent judicial proceedings. |
3. Member States shall require obliged entities to have in place appropriate procedures for their employees, or persons in a comparable position, to report breaches internally through a specific, independent and anonymous channel, proportionate to the nature and size of the obliged entity concerned.