Data breach notification

Purpose of processing

If a personal data breach can cause a risk to the rights and freedoms of natural persons, the supervisory authority must be notified. In Finland, the Office of the Data Protection Ombudsman functions as the supervisory authority.

Personal data breaches must be reported to the Office of the Data Protection Ombudsman without undue delay and, where feasible, not later than 72 hours after the controller has become aware of the personal data breach.

Our data protection policy: Electronic services at the Office of the Data Protection Ombudsman

Use secure e-mail when necessary

Please do not use the form to send sensitive (e.g. information concerning your state of health, social welfare services or your financial position) or confidential information. You can send such information separately by secure e-mail.

Sending e-mail messages through the Ministry of Justice's secure e-mail system is a safe way of delivering sensitive or confidential information to the Office of the Data Protection Ombudsman. Please refer to the form you sent earlier in the subject of your message, for example:

Data breach notification – name of your organisation – date of sending the form

Please also read the instructions for sending secure e-mai (pdf) before using the service.