Anonymise Whistleblowing Reports for Investigation and Governance Review – UK GDPR-compliant anonymisation per ERA 1996 s.43A

Whistleblowing reports made under the protected disclosure provisions of the Employment Rights Act 1996 identify the discloser, the subject of the disclosure, and the alleged wrongdoing in detail. anonym.legal pseudonymises this personal data so that protected disclosures can be reviewed by governance committees, internal audit, or external investigators without prematurely revealing the identities of the discloser or those implicated.

When this applies

Apply this workflow when a whistleblowing or protected disclosure report — submitted through an internal hotline, to a prescribed person, or directly to management — needs to be reviewed by a governance body, audit committee, or external investigator where protecting the discloser's identity is paramount.

  1. Upload the whistleblowing report, internal hotline submission, or protected disclosure letter.
  2. The engine identifies the discloser's name (if included), the names of individuals implicated in the alleged wrongdoing, and any witness names.
  3. All named individuals are pseudonymised consistently, with the discloser assigned a separate, clearly marked pseudonym to facilitate subsequent re-identification if required.
  4. The substance of the disclosure — the alleged wrongdoing, dates, locations, and supporting evidence references — is retained in plain text.
  5. The reversible mapping is encrypted and stored with EU data residency, with enhanced access controls given the sensitivity of the disclosure.
  6. The pseudonymised report is shared with the governance committee or external investigator.
  7. Re-identification is available via the stored key, with access restricted to authorised personnel to safeguard the discloser's ERA 1996 s.43A detriment protections.
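
Steps 2 to 7 in code, as an added example that is not anonym.legal's engine or code: every name gets one stable tag, the discloser gets a distinct tag, and the tag-to-name mapping is returned separately from the shareable text. Assumptions: names are supplied by hand rather than detected, the tag format and the sample report are constructed, and encrypting the mapping at rest (step 5) is left out.

```python
import re

DISCLOSER_TAG = "[DISCLOSER]"  # assumed tag format; kept distinct from [PERSON_n]

def pseudonymise(text, names, discloser=None):
    """Return (pseudonymised text, mapping of tag -> real name).

    names: people mentioned in the report, supplied by hand here (a real
    engine would detect them). discloser: None for an anonymous report.
    """
    forward = {}
    if discloser:
        forward[discloser] = DISCLOSER_TAG
    persons = 0
    for name in names:
        if name not in forward:  # same name always gets the same tag
            persons += 1
            forward[name] = f"[PERSON_{persons}]"
    if not forward:
        return text, {}
    # Longest names first so a longer name is never split by a shorter one.
    ordered = sorted(forward, key=len, reverse=True)
    pattern = re.compile(r"\b(?:" + "|".join(map(re.escape, ordered)) + r")\b")
    return pattern.sub(lambda m: forward[m.group(0)], text), \
        {tag: name for name, tag in forward.items()}

def reidentify(text, mapping):
    """Restore real names; only the holder of the mapping can do this."""
    if not mapping:
        return text
    pattern = re.compile("|".join(map(re.escape, mapping)))
    return pattern.sub(lambda m: mapping[m.group(0)], text)

# Constructed sample report; all names are fictional.
REPORT = ("I, Dana Okoro, report that Mark Ellis approved false invoices on "
          "3 March 2024. Mark Ellis told Lucy Tran to backdate them.")

if __name__ == "__main__":
    shared, mapping = pseudonymise(REPORT, ["Mark Ellis", "Lucy Tran"], "Dana Okoro")
    print(shared)    # what the committee receives
    print(mapping)   # held separately by the whistleblowing officer
```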

What you provide

  • Whistleblowing report, hotline submission, or protected disclosure letter
  • Any supporting documentary evidence attached to the disclosure
  • Indication of whether the discloser's identity should be pseudonymised or is already anonymous

Limitations & cautions

  • anonym.legal does not assess whether the disclosure qualifies as a protected disclosure under ERA 1996 s.43A or advise on the prescribed persons regime; legal advice remains necessary.
  • Where the discloser has submitted the report anonymously, there is no identity to pseudonymise; the engine will still process the report to identify any names of third parties mentioned within it.
  • The substantive content of the disclosure — even without named individuals — may be sufficient to identify the discloser in a small organisation; context-level re-identification risk should be assessed manually.

FAQ

Does pseudonymising a whistleblowing report protect the discloser from detriment under ERA 1996?

Pseudonymisation is a data-minimisation measure that reduces the risk of the discloser's identity being inadvertently disclosed during the review process. It does not itself constitute a detriment-prevention measure; the employer's obligation not to subject the discloser to a detriment under ERA 1996 s.47B remains a separate duty.

Can the report be processed if the discloser submitted it anonymously?

Yes. If the discloser did not include their own name, the engine will pseudonymise any third-party names mentioned in the report. The discloser's anonymity is preserved in the disclosure itself; the mapping will simply contain no discloser-identity entry.

How should the governance committee access the pseudonymised report?

The pseudonymised report can be shared securely with governance committee members without revealing the discloser's identity. Only the designated whistleblowing officer — authorised under your organisation's whistleblowing policy — should retain access to the mapping key for re-identification purposes.

Does the tool handle reports submitted to external prescribed persons or regulators?

Yes. The tool processes the report document regardless of its intended recipient. If you are maintaining an internal copy of a report submitted to an external prescribed person or regulator, that copy can be pseudonymised for internal review and governance record-keeping purposes.
