1. Member States shall ensure that effective mechanisms are established to encourage reporting of breaches of this Directive or of Regulation (EU) No 537/2014 to the competent authorities.
2. The mechanisms referred to in paragraph 1 shall include at least:
(a) specific procedures for the receipt of reports of breaches and their follow-up;
(b) protection of personal data concerning both the person who reports the suspected or actual breach and the person who is suspected of committing, or who has allegedly committed that breach, in compliance with the principles laid down in Directive 95/46/EC;
(c) appropriate procedures to ensure the right of the accused person to a defence and to be heard before the adoption of a decision concerning him or her, and the right to seek an effective remedy before a tribunal against any decision or measure concerning him or her.
3. Member States shall ensure that audit firms establish appropriate procedures for their employees to report potential or actua
…