Data breach notification

Purpose of processing

If a personal data breach can cause a risk to the rights and freedoms of natural persons, the supervisory authority must be notified. In Finland, the Office of the Data Protection Ombudsman functions as the supervisory authority.

Personal data breaches must be reported to the Office of the Data Protection Ombudsman without undue delay and, where feasible, not later than 72 hours after the controller has become aware of the personal data breach.

Sending a data breach notification to the Office of the Data Protection Ombudsman

The form for Data Breach Notification is available in the Turvalomake secure form service of the Government ICT Centre Valtori. The form is filled in and sent securely to the Office of the Data Protection Ombudsman.

Our data protection policy: Electronic services at the Office of the Data Protection Ombudsman

When the declaration you have sent has been received at the registry of the Office of the Data Protection Ombudsman, you will receive a message from the Office of the Data Protection Ombudsman.

This form is intended for organizations only. Private persons can contact the Office of the Data Protection Ombudsman by forms intended for private persons.

Data Breach Notification (Turvalomake secure form service)

Data breach notification

Purpose of processing

Sending a data breach notification to the Office of the Data Protection Ombudsman

Common topics