Skip to main content

On-demand webinar coming soon...

Blog

Comparing ISO 37002 and the EU Whistleblower Directive

How the voluntary ISO guidelines differ from the EU’s new whistleblower protection requirements

Kelly Maxwell, Content Marketing Specialist, OneTrust
July 19, 2022

Blue and violet gradient background

The European whistleblowing landscape has seen massive progress with the passage of the EU Whistleblowing Directive — and the ripple effects are being felt far beyond the EU’s borders. Take, for example, ISO 37002. Published within two years of the EU Whistleblowing Directive, this standard applies to a wide range of companies across the globe and provides best practices for a whistleblower management system.

What is ISO 37002?

ISO 37002 is a framework for setting up and maintaining a whistleblowing hotline that adheres to the highest standards as outlined by the International Organization for Standardization (ISO). In their own language, it provides “guidelines for establishing, implementing and maintaining an effective whistleblowing management system” based on the principles of trust, impartiality and protection in the following four steps:

  • Receiving reports of wrongdoing
  • Assessing reports of wrongdoing
  • Addressing reports of wrongdoing
  • Concluding whistleblowing cases

The ISO is an independent, non-governmental international organization, bringing together global experts to “share knowledge and develop voluntary, consensus-based, market relevant International Standards that support innovation and provide solutions to global challenges.” Its standards, including ISO 37002: Whistleblowing Management Systems, represent guidelines or best practices that organizations can adopt voluntarily. This sets ISO standards apart from regulations like the EU Whistleblower Directive, Sarbanes-Oxley in the United States, or Sapin II in France which companies are legally obligated to comply with.

Why should my company adopt ISO 37002?

The ISO recommends the adoption of ISO 37002 stating, “It can assist an organization to improve its existing whistleblowing policy and procedures, or to comply with applicable whistleblowing legislation.” This means ISO 37002 is a holistic and adaptable approach to establishing a whistleblowing management system that meets or exceeds regulatory requirements.

According to the ISO, adopting ISO 37002 will encourage whistleblowers to come forward and make case handling much more effective – improving your organization’s culture and governance, while reducing the risk of wrongdoing.

How does ISO 37002 differ from the EU Whistleblower Protection Directive?

The EU Whistleblower Protection Directive outlines a minimum set of protections for whistleblowers in Member States of the European Union, which must be implemented by organizations with 250+ workers (and by organizations with 50+ workers by December 17, 2023). The EU Directive focuses on whistleblower protections and empowerment; ISO 37002 focuses on the processes and systems a company uses to enable whistleblowers. Plus, the EU Whistleblower Directive is (as the name implies) a directive which must be transposed into law in all 27 EU Member States, while ISO 37002 is a set of guidelines that companies may voluntarily adopt.

From a tactical perspective, ISO 37002 recommends standards for processes, systems, and technology an organization must meet in order to follow through with whistleblower protections. ISO 37002 details voluntary guidelines for organizations who wish to establish their own compliant whistleblower management system anywhere in the world.

The two sets of guidelines complement one another, ensuring that any whistleblower protection standards put into place between now and the adoption of the EU Whistleblower Protection Directive will work together. Following both sets of guidelines could prevent companies from a costly whistleblower hotline implementation that ends up being non-compliant.

Both the EU Whistleblower Directive and ISO 37002 aim to protect whistleblowers and the confidentiality of the subsequent reports. Private, public, and not-for-profit organizations, regardless of employee count or geographic location, can adopt the ISO 37002’s guidance.

Want to learn more about the EU Whistleblower Directive? Check out our ultimate guide.

Establishing a compliant hotline

Whether your organization is a global enterprise with thousands of EU-based employees or a growing start-up that wants to set their hotline up according to the highest standards, OneTrust can help.

Request a free Helpline and Case Management demo today.


You may also like

Webinar

Privacy Management

Data Privacy Day 2025

Join this webinar to hear from a panel of expert privacy professionals as they dissect the key happenings in 2024 and how privacy professionals can approach what may occur in 2025.

January 21, 2025

Learn more

Webinar

Privacy Management

Revisiting IAPP DPC 2024: Top trends on the latest data protection developments

Join OneTrust and PA Consulting as we dive deeper into the key takeaways from the IAPP Europe Data Protection Congress 2024. Our speakers will provide actionable insights from the event on the latest developments in data protection, privacy, and AI. 

December 12, 2024

Learn more

Infographic

Privacy Automation

GDPR: Dos and don'ts

Navigating GDPR compliance can feel daunting, especially for businesses with limited resources. This quick infographic guide of actionable “dos” and “don’ts” will help you develop the foundation of a broader privacy-first approach that keeps you aligned with your GDPR compliance goals.

December 10, 2024

Learn more

Webinar

Privacy Automation

PIA and DPIA demo webinar with Data Privacy Group

Join our webinar to learn the benefits of automating your PIAs and DPIAs using the OneTrust platform

November 28, 2024

Learn more

eBook

Consent & Preferences

Mastering GDPR consent: A marketer's guide to simplifying compliance

Learn how to simplify GDPR consent management, stay compliant, and build trust with your audience. Download this practical guide for marketers.

October 17, 2024

Learn more

eBook

Privacy Management

Maturing your GDPR compliance program

This comprehensive eBook explores the key elements of a GDPR compliance program.

September 11, 2024

Learn more

Webinar

Speak-Up Program Management

EthicsConnect: Speak Up - Balancing Regulation with a Genuine 'Safe Space' for Employees

Network with fellow ethics professionals, collaborate in break out rooms, and learn how to over the challenges of meeting EU Whistleblower Directive compliance from experts.

June 13, 2024

Learn more

eBook

Privacy Management

Understanding data transfers under the GDPR ebook

In the ebook, we delve into the fallout from Schrems II and explore how organizations based in Europe can best navigate international data transfers under the GDPR.

June 05, 2024

Learn more

Webinar

Privacy Management

Preparing for a new regulation: Lesson learned from the GDPR businesses can apply to the EU AI act?

Join our panel of experts as we celebrate GDPR Anniversary and take a closer look at the relationship between the GDPR and AI Act.

May 23, 2024

Learn more

Webinar

Privacy Management

Navigating data privacy in 2024: Global regulatory updates & compliance strategies

Join our webinar for a comprehensive overview of the latest global data privacy regulations and updates impacting businesses in 2024 and how to prepare.

March 20, 2024

Learn more

Infographic

Privacy Management

OneTrust announces partnership with Europrivacy

Learn how OneTrust and Europrivacy's partnership can help your organization achieve GDPR compliance and build trust with your customers.

December 06, 2023

Learn more

Webinar

Technology Risk & Compliance

Demonstrating GDPR compliance with Europrivacy criteria: The European Data Protection Seal

Join our webinar to learn more about the European Data Protection Seal and to find out what the key advantages of getting certified.

November 30, 2023

Learn more

Webinar

Speak-Up Program Management

Navigating the EU Whistleblower Protection Directive: New rules, new risks

Join our expert-led webinar where we explore the EU Whistleblower Protection Directive and practical steps towards compliance. 

November 02, 2023

Learn more

Webinar

Privacy Management

Revisiting the ICO Data Protection Practitioner's Conference: Addressing your top challenges

Join OneTrust and KPMG UK to discuss the challenges of employee SARs, managing your breach response with third parties, and incident management.

October 25, 2023

Learn more

Infographic

Privacy & Data Governance

Understanding the EU Data Boundary

Download our free infographic and get the information you need to understand the EU Data Boundary and how to properly handle data in the European Union.

September 22, 2023

Learn more

Webinar

Privacy Management

Privacy in practice: PIA & DPIA with PA Consulting

Join OneTrust and PA Consulting as we discuss what makes an effective PIA, best practices, and the benefits of automation.

September 21, 2023

Learn more

Webinar

Privacy & Data Governance

Privacy in practice for data mapping: With PA Consulting and Syngenta

Join OneTrust and panelists from PA Consulting and Syngenta as we explore practical ways to build an effective data mapping program, best practices, and the need for automation.

September 14, 2023

Learn more

Webinar

Privacy Management

India's DPDPA: What you need to know

In this webinar, legal experts discuss India's newly enacted comprehensive privacy law, the Digital Personal Data Protection Act, 2023 ('DPDPA') 

September 12, 2023

Learn more

Webinar

Governance & Policy Management

EU-US DPF: What next for UK businesses?

Join our expert webinar as we discuss the upcoming UK-US DPF Extension and what UK businesses need to prepare to become DPF-certified.

September 06, 2023

Learn more

Webinar

Privacy Management

Unpacking the EU-US DPF

In this webinar, we cover the new EU-US Data Privacy Framework (EU-US DPF) and what privacy program managers need to know for post-Schrems II data transfers.

June 28, 2023

Learn more

Webinar

Privacy Management

New states, new dates: Preparing for Indiana, Montana, Tennessee and Florida state privacy laws

Join our expert panel where we examine upcoming privacy legislation in Indiana, Montana, Tennessee, and Florida and the key requirements of each law.

June 20, 2023

Learn more

Checklist

Privacy Management

The Revised FADP: 7 steps toward preparedness

Prepare for Switzerland’s Revised Federal Act on Data Protection (Revised FADP) when it comes into force on September 1, 2023 with our free compliance checklist.

June 15, 2023

Learn more

Infographic

Privacy & Data Governance

The 3 priorities of the French DPO: Gain visibility, take action, automate

Download our infographic and learn about the 3 priorities of the French DPO.

May 30, 2023

Learn more

Webinar

Privacy Management

Saudi Arabia's PDPL latest amendments: Are you ready?

Join OneTrust and Deloitte Middle East as we cover the latest changes to Saudia Arabia's Personal Data Protection Law (PDPL) and what it means for organizations in the KSA region.

May 30, 2023

Learn more

Webinar

Privacy Management

GDPR turns 5: Celebrating data protection

Northern Europe panel - Join our panel of experts as they recap the GDPR, its key concepts, and what it means for organizations and compliance. 

May 25, 2023

Learn more

Webinar

Privacy Management

Global Panel — GDPR & Tech: Key considerations of Privacy by Design and AI in tech

Join our panel of experts as we discuss the impact GDPR had on the tech industry during the past five years, the importance of privacy by design, and what to expect with AI and regulation.

May 25, 2023

Learn more

Webinar

Privacy Management

5 years of GDPR: Milestones, challenges, and opportunities

Eastern European panel - Watch our webinar as we look back on 5 years of the GDPR, AI, and their impact on Europe, the world, and your organization.

May 24, 2023

Learn more

Webinar

Privacy & Data Governance

Global Panel — GDPR & Healthcare: current regulatory guidance and enforcement

In this live webinar, our expert panel examines the first five years of the GDPR, how it changed the healthcare industry, and the changing global regulatory landscape.

May 24, 2023

Learn more

Webinar

Privacy Management

Global Panel — GDPR & Retail: building customer loyalty and trust with consent and privacy

Join us for a live panel as we discuss GDPR's impact on the retail and eCommerce industry and how companies evolved to meet the global regulatory landscape.

May 23, 2023

Learn more

eBook

Privacy Management

Getting started with GDPR compliance

This eBook covers the fundamental information you need to know in order to get your GDPR compliance program started and how OneTrust helps. 

May 23, 2023

Learn more

Infographic

Privacy Management

Comparing the FADP, Revised FADP, and the GDPR

Download our infographic to see how the Revised FADP compares with its original version and the GDPR.

May 23, 2023

Learn more

Webinar

Privacy Management

Global Panel — GDPR & Finance: Staying ahead of the regulatory and cyber landscape

How has the GDPR affected the financial industry? Join our live panel as we examine how it companies evolved to meet the regulatory challenges and what can be done to stay ahead of the curve.

May 22, 2023

Learn more

Webinar

Privacy Management

Understanding Washington's My Health My Data Act

The Washington My Health My Data Act was signed into law on April 27, 2023 and will be enacted the following year. Join OneTrust DataGuidance and a team of legal experts and get the knowledge you need for compliance.

May 18, 2023

Learn more

Infographic

Privacy Management

Comparing Canada's privacy laws infographic

Download this infographic to compare provisions in Alberta, British Colombia, and Quebec with those found at a federal level in PIPEDA and those proposed under the Consumer Privacy Protection Act.

May 18, 2023

Learn more

Blog

Privacy & Data Governance

Comparing US privacy law exemptions infographic

Learn how to navigate the new US privacy law exemptions and see how they compare.

May 01, 2023

Learn more

Webinar

Privacy & Data Governance

Iowa joins US privacy landscape with a new law

OneTrust DataGuidance’s webinar discusses Iowa’s CDPA, its similarities to other US privacy laws, its implications on organizations, and steps for compliance.

April 10, 2023

Learn more

Webinar

Privacy Automation

OneTrust and Deloitte UK - Data transfers: Assessments & safeguards

OneTrust's Center of Excellence and Deloitte UK will discuss data transfers and GDPR compliance, covering the UK stance, ICO/EDBP guidance, and more.

April 04, 2023 1 min read

Learn more

eBook

Privacy Management

The 3 Priorities for DPOs in France: Gain Visibility, Take Action, Automate eBook | Resources | OneTrust

French DPOs should take three priorities into account when building their data protection and compliance programs and processes in 2023.

February 21, 2023

Learn more

eBook

Consent & Preferences

The ultimate guide to consent and preferences in the healthcare sector

Download the guide to learn more about how to use consent and preferences to elevate patient and customer experiences in the healthcare sector.

February 15, 2023

Learn more

Webinar

Privacy & Data Governance

Data Protection in Financial Services Week: Government keynote and international transfers

This session will examine some key issues and recent developments on international data transfers with contributions from key EU, UK, and US regulators.

February 07, 2023

Learn more

eBook

Privacy & Data Governance

The Ultimate Guide to PIPEDA compliance eBook

Download this eBook to understand how to meet the requirements of Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).

February 06, 2023

Learn more

eBook

Consent & Preferences

The ultimate guide to US opt-out requirements

Learn about the different opt-out requirements, such as a “Do Not Sell My Personal Information” in the US privacy landscape, and how to comply with them.

January 23, 2023

Learn more

Webinar

Consent & Preferences

Belgian DPA approves TCF action plan: Where we go from here

Belgian DPA approves IAB Europe’s action plan to correct its Transparency & Consent Framework (TCF) violations of the GDPR.

January 12, 2023

Learn more

Checklist

Consent & Preferences

8 steps to Quebec Law 25 compliance

Read our checklist to learn how to stay on top of Quebec Law 84, which introduces many new measures to Canada’s privacy landscape.

October 19, 2022

Learn more

Resource Kit

Consent & Preferences

Your marketer’s masterclass resource kit

OneTrust has created a range of resources to help marketing teams take a privacy-first approach that turns consumer trust into a competitive advantage.

September 06, 2022

Learn more

Webinar

Privacy & Data Governance

Keeping pace with the changing regulatory landscape: UK And EU updates webinar

Learn more about the privacy updates for the UK and the EU, what to expect in the coming year, and how to manage regulatory change.

August 15, 2022

Learn more

Webinar

Ethics Program Management

Local vs. central intake and case management: What the EU Whistleblower Directive requires

One of the challenges to come out of the EU Whistleblower Protection Directive is how companies should adopt local vs. centralized case management.

July 06, 2022

Learn more

Webinar

Ethics & Compliance

GDPR and the EU Whistleblower Protection Directive webinar

Join this webinar to learn how to review your whistleblowing processes to comply with the EU Whistleblower Protection Directive, the GDPR and others.

July 06, 2022

Learn more

Webinar

Ethics & Compliance

Evaluating hotline vendor compliance with the EU Whistleblower Protection Directive

Join us to learn how to choose a hotline vendor, and we also cover the onboarding and implementation process so that you can meet the Directive's deadline.

July 06, 2022

Learn more

Webinar

Ethics & Compliance

Whistleblower retaliation under the EU Whistleblower Protection Directive: the reverse burden of proof

Learn how to implement anti-retaliation measures, and how to detect retaliation throughout the whistleblowing process using some new and novel techniques.

July 05, 2022

Learn more

Checklist

Ethics & Compliance

EU Whistleblower Directive checklist

Assess your company's EU Whistleblower Directive compliance with this interactive checklist. 

June 16, 2022

Learn more

eBook

Ethics & Compliance

Ultimate guide to the EU Whistleblower Protection Directive

Download our free eBook on the EU Whistleblower Protection Directive learn its key requirements, who's protected, and answers to common questions. 

June 07, 2022

Learn more

Webinar

Privacy & Data Governance

The 'How': Practical implementation of the EU Whistleblower Directive

Watch this roundtable discussion by industry experts and the OneTrust Center of Excellence for Ethics to understand and prepare for the evolving Directive.

June 07, 2022

Learn more

Webinar

Privacy & Data Governance

4 years of GDPR

Watch our webinar on the last 4 years of GDPR compliance and trends for the future.

May 05, 2022

Learn more

Resource Kit

Privacy Management

Your US privacy masterclass resource kit

These resources provide key information on US privacy law through blogs, webinars, and eBooks.

April 26, 2022

Learn more

Webinar

Privacy Management

Privacy rights poland: Enhance Your DSAR process with automation, discovery & redaction

As part of our Privacy Automation webinar series, we discuss why it's important to automate DSAR fulfillment and the latest regulatory trends. 

April 03, 2022

Learn more

Infographic

Privacy & Data Governance

Saudi Arabia Personal Data Protection Law (PDPL) overview

Learn more about Saudi Arabia's Personal Data Protection Law (PDPL) and what companies need to know for compliance.

February 24, 2022

Learn more

Webinar

Privacy & Data Governance

Know your laws: Comparing CCPA & CPRA vs. GDPR

Watch this free webinar and see how the CCPA and CPRA compare with the GDPR.

January 04, 2022

Learn more

Infographic

Privacy & Data Governance

Employee rights under the CPRA

Download our infographic on employee rights under the CPRA to help prepare for the law's expansion in CPRA. 

December 07, 2021

Learn more

Checklist

Privacy & Data Governance

Transfer Impact Assessment (TIA) checklist

This Transfer Impact Assessment checklist provides an overview of the key steps you can take as you perform a TIA.

December 01, 2021

Learn more

eBook

Privacy & Data Governance

The ultimate guide to CCPA compliance

The Ultimate Guide to CCPA Compliance eBook highlights key compliance areas of  the CCPA that you should consider when building a privacy program.

December 01, 2021

Learn more

Infographic

GDPR's 8 fundamental data subject rights

Download our GDPR's 8 Fundamental Data Subject Rights infographic and learn more about the individual rights guaranteed under the EU's major privacy law. 

August 27, 2021

Learn more

eBook

Privacy & Data Governance

The ultimate guide to GDPR compliance

Download this eBook to get an ultimate guide to understanding the GDPR and implementing steps towards compliance.

August 26, 2021

Learn more

eBook

Privacy & Data Governance

10 steps to meeting the GDPR Article 30 requirement

Download this eBook and learn how to leverage data mapping for your GDPR Article 30 compliance program. 

July 22, 2021

Learn more

eBook

Privacy & Data Governance

Download this eBook for an overview of the Virginia Consumer Data Protection Act (CDPA) to understand what it means for organizations.

Download this eBook for an overview of the Virginia Consumer Data Protection Act (CDPA) to understand what it means for organizations.

July 22, 2021

Learn more

White Paper

Privacy Automation

Mastering PIAs & DPIAs: A complete handbook for privacy experts

Unlock the full potential of your privacy program with our complete handbook designed to equip privacy professionals with the essential tools and knowledge for establishing robust PIA and DPIA processes.

July 22, 2021

Learn more

Checklist

Privacy & Data Governance

GDPR compliance checklist

Download our GDPR compliance checklist for recommendations on improving your organization's privacy program. 

June 11, 2021

Learn more

Webinar

Privacy & Data Governance

CCPA compliance masterclass

Watch our OneTrust CCPA Masterclass Series and learn how to prepare your organization for CCPA compliance.

Learn more