This Practice Note provides an introduction to the data protection implications of establishing a global corporate whistleblowing scheme. It considers corporate whistleblowing requirements in the UK, US and EU, the EU data protection law approach to whistleblowing, the impact on whistleblowing schemes of restrictions on exporting personal data, other regulatory issues, and guidance from the Article 29 Working Party (now the European Data Protection Board). A compliance strategy is suggested.