What is the procedure and format for submitting signals to the Ombudsman under Article 3 of the Whistleblowers Protection Act (also known as WPA or ЗЗЛПСПОИН in Bulgarian)?
In order to be able to quickly prevent a violation or remedy the consequences of a violation within the scope of Article 30(3) of the WPA, complaints and reports to the Ombudsman need to be submitted as follows:
Information on the powers of the Ombudsman of the Republic of Bulgaria under Article 30 of the Law on Protection of Persons, Reporting Information, or Publicly Disclosing Information about Breaches (Whistleblowers Protection Act or WPA)
In 2023 the Ombudsman of the Republic of Bulgaria took on a new role, expanding its multidirectional advocacy for the rights and freedoms of citizens, with the mandate to conduct external audits of whistleblowing activities and whistleblower protection under Article 30 of the Whistleblowers Protection Act, as well as to receive and review complaints against the Commission for Personal Data Protection, including for failure to protect whistleblowers or confidentiality breaches.
This new function was introduced by §5 of the Final Provisions of the Whistleblower Protection Act (State Gazette No. 11 of 2 February 2023, in force as of 04.05.2023), which created point 14 in Article 19(1) of the Ombudsman Act. This extends the powers of the Ombudsman to conduct external channel audits of whistleblower protection activities under the Whistleblower Protection Act.
As per this new mandate, since October 2023 the Ombudsman institution established a new Directorate for the Audit of Whistleblowing and Whistleblower Protection. The institution of the Ombudsman has since engaged in capacity-building as well as drafting of methodology and rules for the independent external audit of the activities of the Commission for Personal Data Protection (the central body tasked to receive external whistleblowing complaints and to ensure protection of whistleblowers in Bulgaria, as per Article 19 of WPA).
The Ombudsman conducts on-site checks of the work of the external whistleblowing channel (the CPDP), which includes evaluating: deadline compliance with whistleblowers’ protection requests; the quality of interaction between the CPDP and the other competent authorities (as per Article 20 of WPA); the compliance of the CPDP’s registers with the WPA; and other aspects of the CPDP's activities that allow for an assessment of its whistleblowing protection work’s effectiveness (Article 30(1) and (2) of WPA).
In its annual report to the National Parliament, the Ombudsman includes information on its audits of CPDP's performance in implementing the WPA.
Conditions and procedure for submitting complaints to the Ombudsman under Article 30(3) of the Whistleblowers Protection Act
Pursuant to Article 30(3) of the WPA, the Ombudsman receives and examines complaints against the Commission for the Protection of Personal Data from whistleblowers, including for failure to protect or breaches of confidentiality of their information.
- Who can report?
- How can a whistleblower file a complaint under the WPA?
- What protections does the law provide for whistleblowers?
- Who can file a whistleblower complaint to the Ombudsman against the CPDP?
The information on this page relates to persons who have already submitted a complaint/alert to the Commission for Personal Data Protection (CPDP) under the Whistleblowers Protection Act and believe that: their whistleblowing complaint has not been dealt with properly; or there has been a delay in the Commission's decision; or there has been maladministration; or they have not received adequate protection; or there have been confidentiality or other breaches.
The whistleblower reports submitted to the CPDP under the WPA, can concern violations of Bulgarian legislation or acts of the European Union in certain areas, including but not limited to: public procurement; financial services; prevention of money laundering and terrorist financing; safety and radiation protection and nuclear safety; food and feed safety; animal health and welfare; public health; consumer protection; protection of privacy and personal data; network and information security.
A whistleblower’s complaints/alerts under the WPA may cover any of the following: infringements affecting the financial interests of the European Union and infringements of internal market rules, including EU rules and Bulgarian competition or State aid legislation; infringements in cross-border tax schemes intended to obtain a tax advantage contrary to the object or purpose of the applicable corporate tax law; an offence of a general nature of which the whistleblower has become aware in because of their work or in the performance their official duties; violations of Bulgarian law in the field of the rules for payment of public state and municipal claims, violations of labour law and of legislation related to the performance of public service.
Examination of complaints and alerts under Article 30(3) of the WPA
In order to preserve the identity of the complainants, the complaints/alerts received by the Ombudsman institution under Article 30(3) of WPA shall be registered by an employee of the Directorate for Audit of Whistleblowing and Whistleblower Protection in a separate section of the electronic system of the Ombudsman institution.
The examination of complaints and alerts under Article 30(3) of WPA shall be carried out by the staff of the Audit of Whistleblowing and Whistleblower Protection Directorate in compliance with the requirements of the Ombudsman Act and the Rules on the Organization and the Activities of the Ombudsman.
Upon examination of the complaint/alert, at the discretion of the Ombudsman or their delegate, or upon the proposal of the Director of the Audit of Whistleblowing and Whistleblower Protection Directorate, an unannounced on-the-spot check may be carried out at the CPDP premises.