Duties of the Data Protection Ombudsman

  • supervising compliance with data protection legislation and other laws concerning the processing of personal data
  • promoting awareness of the risks, rules, safeguards, obligations and rights related to the processing of personal data
  • carrying out investigations and inspections
  • imposing administrative sanctions for violations of the General Data Protection Regulation
  • issuing statements on legislative and administrative changes that affect the protection of the rights and freedoms of individuals with regard to the processing of personal data
  • issuing statements on offences involving the processing of personal data
  • supervising the processing of credit status information and corporate credit ratings
  • processing requests for issuing orders with regard to the rights of data subjectsand notifications of other violations related to the processing of personal data
  • receiving declarations of Data Protection Officers
  • receiving reports of personal data breaches
  • drawing up a list of circumstances in which a data protection impact assessment is required
  • evaluating prior consultations concerning high-risk data processing
  • approving code of practice and standard clauses
  • encouraging the adoption of certificates, accrediting certification bodies and revoking issued certificates
  • cooperating with the EU's other data protection authorities within the scope of the one-stop-shop principle and referring matters to the European Data Protection Board when required.

Data Protection Ombudsman represents Finland in the European Data Protection Board.