What obligations originates the entry into force of Law 2/2023?

The entry into force of the Law gives rise to the following obligations:

  • The creation of a secure Internal Information System (internal channel), which must have the appropriate technical and organizational measures to preserve the identity of the informant and guarantee the confidentiality of the data corresponding to the affected persons and any third parties. It must also guarantee the presentation and processing of anonymous complaints.
  • Inform on the website or in an easily accessible way about the existence, use and operation of the internal information channel so that those people who are considering the possibility of reporting can make an informed decision about their convenience and about when and how to do it.
  • Regulate the channel management procedure for the diligent processing of communications or complaints in accordance with the Law and define a policy or strategy that must be made known within the organization.
  • Appoint a person in charge of the Internal Information System, who can be a natural person or a collegiate body.
  • Notify the competent Authority (in Catalonia, the Anti-Fraud Office) of the designation of the head of the Internal Information System.
  • Have a book-record of the information received and of the internal investigations to which they have given rise.
  • Inform, in a clear and accessible way, whoever communicates through the internal channel about the existence of the external channel.
  • Train staff on the duties and responsibilities related to the confidential treatment of alerts.