Frequently asked questions about whistleblowing
Here you will find answers to the most common questions about Heimdal's whistleblowing system.
Heimdal Whistleblowing System is a complete system that helps organizations comply with all requirements according to the Whistleblower Protection Act (2021:890) and the EU Whistleblower Directive. The system enables anonymous reporting of misconduct and gives organizations tools to handle whistleblowing in a secure and lawful manner.
The Whistleblower Protection Act came into force in December 2023 and requires all employers with at least 50 employees to have a functioning reporting system according to law. Certain businesses in the financial sector and anti-money laundering regulations may also be required to have a system with fewer employees due to special EU rules. Companies need a system that meets all requirements.
Below we have compiled the most common questions about how the system works, security, implementation and legal compliance. More information about reporting, requirements and features is available in the documentation. If you do not find an answer to your question, please contact us directly. Read more about the system below.
Yes. The person reporting/whistleblowing in the tool can choose to be anonymous and receives a unique key/link for an encrypted two-way chat. The system does not log identity information in the channel and no metadata is saved - only the information and documents that the reporter themselves provide are available to the report recipient. Information about anonymity is available in the documentation.
All dialogue takes place in Heimdal's encrypted system where cases are secured with an anonymous access key and encryption. The system enables reporting without revealing identity. Case handlers can ask follow-up questions and the reporter/whistleblower can answer - without email/phone number being shared. More information about how the system works is available.
Yes. The system displays deadlines and sends reminders so that no deadlines are missed, such as receipt confirmation within 7 days and feedback within 3 months.
Heimdal Whistleblowing System is designed to comply with all requirements according to applicable legislation regarding communication, encryption, deadlines and GDPR. The system meets requirements according to the Whistleblower Protection Act. We also provide a standardized whistleblowing policy along with a procedure template to ensure legal compliance. Information about all requirements is available in the documentation.
Email your requests as a case to us, and we will contact the authorized person at your organization to correct recipient information or add multiple report recipients within your organization. The system supports multiple recipients and you will receive information on how to add other recipients.
All our data is stored within the EU.
The agreement runs annually (12 months) from order confirmation. Termination can be made no later than one month before the end of the 12-month period. After that, the agreement continues with a new 12-month period.
Yes, most types of files and documents can be uploaded in the communication to enable investigation and feedback. The system supports different file types for reporting. Note that files can always carry metadata and should be avoided for full anonymity. More information about reporting is available in the documentation.
Yes, you can add your own logo to customize your environment.
Heimdal strives for good accessibility and we continuously improve our whistleblowing service according to WCAG (Web Content Accessibility Guidelines) principles to make the service accessible and user-friendly for everyone. Heimdal's whistleblowing service currently complies with WCAG 2.2 AA.
Absolutely. Heimdal Whistleblowing System is designed to meet obligations related to information security, incident reporting and risk management for companies covered by NIS2. At the same time, the platform meets all requirements according to the Whistleblower Protection Act (2021:890) - including secure anonymity, documentation and internal control. The system meets all requirements. We also provide templates for whistleblowing policy and investigation procedures. More information about requirements and compliance is available.