Glossary
Audit Log
An append-only record of every action taken on a whistleblower case, used to demonstrate compliance to regulators. Existing entries cannot be modified or deleted, only new entries added. Auditors at competent authorities such as Germany's Bundesamt für Justiz typically request the audit log first when inspecting a channel for EU Directive 2019/1937 Article 18 compliance.
Full definition
An audit log is a tamper-evident, chronologically ordered record of every action performed on a case: who did what, when, and with what metadata. Append-only means existing entries cannot be modified or deleted, only new entries added. Auditors at competent authorities (e.g., Bundesamt für Justiz in Germany) typically request the audit log first when inspecting compliance. Confidly's audit log is cryptographically hash-chained and exportable as JSON or CSV, satisfying both EU Directive 2019/1937 Article 18 recordkeeping requirements and GDPR Article 30.
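As an added illustration (not Confidly's code or export format), the sketch below shows how hash-chaining makes an append-only log tamper-evident: each entry's hash covers the previous entry's hash, so an edit or deletion breaks verification from that point on. The field names, the use of SHA-256, the all-zero genesis value and the sample entries are assumptions constructed for this example.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor value that the first entry chains to


def entry_hash(prev_hash, body):
    # Canonical JSON (sorted keys, fixed separators) so equal content hashes equally.
    payload = json.dumps({"prev": prev_hash, "body": body},
                         sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def append(log, actor, action, timestamp, metadata=None):
    """Add a new entry; existing entries are never rewritten."""
    prev = log[-1]["hash"] if log else GENESIS
    body = {"seq": len(log), "actor": actor, "action": action,
            "ts": timestamp, "meta": metadata or {}}
    log.append({"body": body, "prev": prev, "hash": entry_hash(prev, body)})
    return log[-1]


def verify(log, expected_head=None):
    """Return the index of the first inconsistent entry, or None if intact.

    expected_head is the last hash as recorded outside the log (for example
    in an earlier export). Without it, removal of the newest entries leaves
    a shorter chain that still verifies.
    """
    prev = GENESIS
    for i, entry in enumerate(log):
        body = entry["body"]
        if (body.get("seq") != i or entry["prev"] != prev
                or entry["hash"] != entry_hash(prev, body)):
            return i
        prev = entry["hash"]
    if expected_head is not None and prev != expected_head:
        return len(log)  # chain is self-consistent but does not end where expected
    return None


def build_sample():
    # Constructed sample entries, not real case data.
    log = []
    append(log, "handler-01", "case_opened", "2024-03-01T09:00:00Z", {"case": "C-1"})
    append(log, "handler-01", "receipt_acknowledged", "2024-03-04T10:30:00Z")
    append(log, "handler-02", "feedback_sent", "2024-05-20T14:00:00Z")
    return log
```

The chain only proves internal consistency; comparing against a head hash kept outside the logging system is what exposes truncation or a wholesale rebuild of the chain.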
Related terms
- Case Handler: The trained individual inside an organisation who triages, investigates, and resolves whistleblower reports. Under EU Directive 2019/1937 Article 9 the case handler must acknowledge receipt within 7 days, maintain confidentiality, log every action, and deliver substantive feedback within 3 months. Case handlers must be free of conflicts of interest and trained in trauma-informed interviewing.
- Recordkeeping: The legal obligation to retain documentation of every whistleblower report and its handling. EU Directive 2019/1937 Article 18 requires records be kept as long as necessary and proportionate. National transpositions vary: Germany sets 3 years, France sets case duration plus 3 years, Spain sets 10 years for criminal cases. The obligation justifies derogation from GDPR erasure.
- GDPR: Regulation (EU) 2016/679, the General Data Protection Regulation, governs processing of personal data of EU residents. Whistleblowing channels process personal data of the reporter, the person reported on, and third parties named in the report. Key articles: Art. 6 (legal basis), Art. 5 (minimisation), Art. 9 (special categories), Art. 17 (erasure), and Art. 30 (records).