SAPIN II and GDPR
This article is the overview of the webinar by Franklin Law Firm and D-Quest, Inc. Presenters of Franklin Law Firm were Ms Hélène Lebon, Mr Patrick Thiébart, and Mr Michel Sapin. Ms Lebon was a team leader of data security. Mr Thiébart was a partner lawyer and a co-head of the labour and employment law department of Franklin Law Firm. Mr Sapin was a senior advisor of Franklin Law Firm, who had supported several administrations as a minister. This webinar was held and recorded in July 2020, so all information in this presentation is accurate as of July 2020.
I. Overview of the SAPIN II Act (Mr Michel Sapin)
Mr Sapin mentioned aspects of the SAPIN II Act. This act led to the creation of a dedicated agency for anti-corruption. Also, this act is required to protect whistleblowers, including anonymity reporting.
II. Whistleblowing and the GDPR (Ms Hélène Lebon)
As a background of this presentation, Ms Lebon started by talking about the GDPR. Providing the Article 88 of the GDPR, she said that the GDPR was not just a rule for protecting personal data. He emphasized from the Article, “in respect of the processing of employees’ personal data in the employment context” and “the transfer of personal data within a group of undertakings, or a group of enterprises engaged in a joint economic activity.”
III. French Employment Law Trend of Labour-management Relations in France (Mr Patrick Thiébart)
Then, Mr Thiébart explained the history of whistleblower protection in France. It is the history from “Should individuals be giving the opportunity to sound an alert?” to “How to better protect whistleblowers?”
Also, he explained some articles of the Labour Code, which are provisions for the rights “to red flag and withdraw from unsafe working environments” and several CSE missions whose members of companies with more than 11 employees must organize every four years by-election. He additionally explained the necessity of implementing internal reporting procedures for companies with more than 50 employees.
IV. Labour Law and the Protection of Whistleblowers (Mr Patrick Thiébart)
First, he explained who is a legal whistleblower. Then, he defined a whistleblower as follows.
l A crime or a misdemeanor under French law
l A serious threat or harm to the public interest, of which he/she has personal knowledge
l A clear and serious breach of:
Ø A international commitment duly ratified or approved by France
Ø An act of an international organization pursuant to such engagement
Ø French laws or regulations
Then, he explained that the whistleblowers must observe the following steps.
1. To file a report to his or her line manager or employer or a person appointed by the employer
2. To inform French judicial, administrative or professional authorities
3. To alert the public/report to the press
Finally, in this section, he explained how the whistleblowers are protected from the perspectives of the criminal and labour laws.
V. Difficulties or Concerns of the SAPIN II for Foreign Companies (Ms Hélène Lebon)
In this section, Ms Lebon explained how difficult employers in France are. She picked up some issues from the perspectives of personal data protection, whistleblowers protection, and anti-corruption for employers who develop their business in France. That is, as well as we will encounter some issues with the GDPR for the personal data protection, we need to comply with the French Labour Law for the employee protection and the SAPIN II Act for anti-corruption.
VI. Guidelines Issued by the French Data Protection Authority (CNIL) Regarding the Implementation of Whistleblowing Schemes (Ms Hélène Lebon)
In the final part of this webinar, Ms Lebon lectured on the CNIL’s guidelines regarding implementing the whistleblowing scheme in France. Mainly, he explained the identity of the whistleblower, the categories of the personal data processed, the recipients of whistleblowing reports, and the retention of the personal data.