The Office of the Data Protection Ombudsman's Annual Report for 2020 has been published
The Office of the Data Protection Ombudsman has published its annual report on the Office’s activities in 2020. The Report presents the year's most important data protection events, key decisions and enforcement measures in various sectors, as well as the key performance indicators for the Office's operations. The year was marked by a growth in the number of data breach notifications, data protection questions related to the COVID-19 pandemic, as well as the backlog clearance project initiated at the Office. In its most significant decisions, the Office of the Data Protection Ombudsman's Sanctions Board imposed the first administrative fines for data protection violations in the spring of 2020.
The year 2020 was dominated by the coronavirus pandemic also at the Office of the Data Protection Ombudsman. Data protection questions related to the pandemic were reflected in calls to our telephone service and the instructions compiled on our website. The Office of the Data Protection Ombudsman also participated in the EU data protection authorities’ cooperation in matters related to the coronavirus pandemic. ”Even though the coronavirus has put our society to the test in many ways, I was pleased to note that Finland was proactive in taking the protection of personal data into account in its measures to combat the pandemic”, says Data Protection Ombudsman Anu Talus in her review.
The number of cases instituted with the Office of the Data Protection Ombudsman continued growing in 2020. This also increased the number of decisions issued. The number of cases instituted increased by nearly a thousand from 2019, while the number of resolved cases grew by 2,861. Social welfare and health care has been the largest sector in terms of the number of cases for several years now.
The processing of cases became congested at the Office of the Data Protection Ombudsman with the entry into force of the General Data Protection Regulation in 2018. In early 2020, the Office launched a project for clearing the backlog of unresolved cases instituted in 2014–2018. The clearance work has proceeded as planned, and the project has continued in 2021.
Data breach notifications accounted for more than a third of new cases instituted with the Office. A total of 4,276 data breaches, which is 437 more than in the previous year, were reported to the Office of the Data Protection Ombudsman during the year. The most significant data breach of 2020 was the data breach suffered by the Psychotherapy Centre Vastaamo. As a result of the breach, the Office of the Data Protection Ombudsman launched an investigation into the legality of the company’s actions.
The processing of personal data by the internal security authorities was monitored with scheduled audits for the first time. A total of 11 such audits were carried out in 2020.
The Annual Report is available from our website. It is available in Finnish, Swedish and as a summary in English.
Read the whole Annual Report (in Finnish): Tietosuojavaltuutetun toimiston toimintakertomus 2020 (pdf)
Highlights from the Annual Report (in Finnish): Toimintakertomus 2020
The Annual Report in Swedish: Dataombudsmannens byrås verksamhetsberättelse 2020 (pdf)
English summary of the Annual Report: Annual Report of the Data Protection Ombudsman 2020 (pdf)
Data Protection Ombudsman Anu Talus, anu.talus(at)om.fi, puh. 029 566 6766