Current Issues

Office of the Data Protection Ombudsman makes first decision as lead supervisory authority in a cross-border case – right of access implementation did not comply with data protection rules

The Data Protection Ombudsman has ordered Nissan Nordic Europe Plc to correct its practices regarding the data subject's right of access to data. The controller did not provide information to a customer who had requested access to their personal data within the deadline set by the General Data Protection Regulation (GDPR). This is the first ruling by the Data Protection Ombudsman in a cross-border case involving the processing of personal data of data subjects residing in several EU countries.

Show more
Press release 12.7.2021 10.31
Fine for a company for carrying out direct marketing with robocalls without consent

The Data Protection Ombudsman’s sanctions board has imposed an administrative fine on a magazine publisher due to data protection violations related to direct marketing. The publishing company carried out direct marketing of the magazine with an automated calling system, that is, with so-called robocalls, without the consent of the call recipients. In the robocalls, it was not ascertained that the data subjects would be able to exercise their data protection rights. In addition, the controller and the subcontracting company that carried out direct marketing calls on its behalf had not drawn up a processing agreement required by the General Data Protection Regulation (GDPR) for carrying out direct marketing.

Show more
Press release 6.7.2021 9.59