On 26 November 2019, Directive (EU) 2019/1937 of the European Parliament and the Council "on the protection of persons who report breaches of Union law" has been published in the Official Journal of the European Union, with the aim of strengthening the application of European Union law and policies in specific sectors deemed "sensitive" (e.g. public procurement, environmental protection, public health, consumer protection, and privacy). The Directive establishes common minimum standards for all member states in order to ensure a high level of protection of individuals who report violations of EU law (whistleblowers), with particular regard to those who acquire news of illegal offences in the workplace. This applies to private and public companies, even during the hiring process or if the employment relationship is no longer in place, and urges states to adopt specific rules in order to prioritise the adoption by private companies and public bodies of internal channels for reporting illegal offences, with the obligation for private sector companies with at least 50 employees to have at least one permanent internal reporting channel. The Directive also contains some important connecting rules between the protection granted to whistleblowers and the protection of personal data, both of the reporting person and person being reported, expressly referencing to EU Regulation 2016/679 (GDPR). A transitional period is provided for, within which the states must adapt their own regulations in general terms by 17 December 2021, while private companies with more than 50 employees will have until 17 December 2023 to introduce and/or adapt their internal reporting systems.