🇩🇰 Denmark compliance
Whistleblower software for Denmark
In Danmark, Whistleblower-loven transposes EU Directive 2019/1937 and requires companies with 50+ employees to operate a confidential internal whistleblowing channel. Reports must be acknowledged within 7 days and answered substantively within 3 months. Administrative fines for non-compliance can reach DKK 100,000.
Confidly is a GDPR-compliant whistleblowing channel built for companies in Denmark (Danmark) operating under Whistleblower-loven (Whistleblowerloven). The intake form is auto-configured with the categories and disclosures Whistleblowerloven requires. Reporters can attach audio or video oral statements to a web submission; a native phone-hotline or voicemail channel is on roadmap. The mandatory 7-day acknowledgement and 3-month feedback updates are automated. Set up in 15 minutes. Hosted in the EU. Used by compliance teams from 50 to 5,000 employees.
| Law | Whistleblower-loven |
| In force since | 17 December 2021 |
| Who must comply | 50+ employees |
| Enforcement | Datatilsynet |
| Max fine | DKK 100,000 |
| Companies affected | ~12,000 companies with 50+ employees |
What Whistleblowerloven requires you to do
Whistleblower-loven transposes the EU Whistleblower Directive 2019/1937 into Denmark national law. The core obligations for companies above the threshold (50+ employees):
- Maintain a confidential internal reporting channel
- Acknowledge every report within 7 days
- Provide feedback to the reporter within 3 months
- Designate a person or unit to handle reports
- Protect the reporter from retaliation
- Keep records for the case duration + the audit window
In Denmark, enforcement sits with Datatilsynet. Maximum fines for non-compliance reach DKK 100,000.
Estimate your exposure under Whistleblowerloven with the fines calculator.
How Confidly covers Whistleblowerloven
- Country-specific intake template for Whistleblowerloven: the form is auto-configured with the categories, disclosures and fields the Denmark transposition requires. No manual setup per channel.
- Anonymous intake available where Denmark law permits. Reporters get a server-issued case code and their own 6-digit secret. No email, no IP, no identifier stored.
- Oral-statement attachments on every plan: reporters upload audio or video oral statements directly into the web form, with EXIF/metadata stripping. A staffed phone hotline or AI-transcribed voicemail channel is on roadmap, in support of the oral-reporting requirement that Whistleblowerloven carries from EU Directive 2019/1937 Art. 16.
- Form pre-translated into DA, EN. AI translates incoming reports to your working language on the admin side.
- Auto reporter status updates at 7 days (acknowledgement) and 3 months (status), in the reporter's language. Whistleblowerloven feedback obligation satisfied by default.
- AI investigation copilot (Pro): AI summarises, classifies severity, drafts neutral replies, and clusters multi-reporter patterns to surface systemic issues.
- Append-only audit log required for Datatilsynet audits. Every action recorded with actor, timestamp and metadata.
- EU data residency: all data stored in EU data centres. Per-channel residency on Enterprise (data for Denmark entities stays in Denmark). No third-country transfers.
- Native HRIS sync (Pro): Personio, BambooHR. Auto-revoke channel access on offboarding; flag when a named-in-report person leaves the company.
What does Confidly cost in Denmark?
Three plans, EUR-priced (VAT reverse-charged for EU B2B). Pick a tier by company size; everything else is included.
Frequently asked questions: Whistleblowerloven
- Is a whistleblowing channel mandatory in Denmark?
- Yes. Whistleblower-loven (Whistleblowerloven), the Denmark transposition of EU Directive 2019/1937, requires companies with 50+ employees to operate a confidential internal whistleblowing channel. The law has been in force since 17 December 2021.
- What are the fines for non-compliance with Whistleblowerloven?
- Maximum administrative fines under Whistleblowerloven reach DKK 100,000. Enforcement is carried out by Datatilsynet. Fines apply both for failing to establish a channel and for retaliation against reporters.
- Does Whistleblowerloven require anonymous reporting?
- Whistleblowerloven permits anonymous reporting where Denmark national law allows. Confidly's reporter UI issues a server-side case code and reporter-only secret (no email, IP address, or browser identifier is stored), so reporters can submit and follow up entirely anonymously.
- What are the timelines under Whistleblowerloven?
- Companies must acknowledge a report within 7 days of receipt and provide substantive feedback to the reporter within 3 months. Confidly's dashboard tracks both SLAs with automatic reminders.
- Is GDPR satisfied by Whistleblowerloven compliance?
- Whistleblowerloven compliance and GDPR are complementary, not equivalent. Confidly is hosted entirely in the EU, signs a GDPR-compliant Data Processing Agreement, and runs an append-only audit log that satisfies both Datatilsynet inspections and Article 30 GDPR records.
- How long does it take to deploy a whistleblowing channel for Denmark?
- 15 minutes for the channel itself. Branding, DA, EN translations, and policy import take an additional 1-2 hours. Most Denmark customers go live the same day they sign up.