Data protection is a success factor
The Office of the Data Protection Ombudsman safeguards the rights and freedoms of individuals with regard to the processing of personal data. For us, data protection is a factor of success: for individuals, it means better protection of their personal data and the ability to manage it, while for businesses, it generates a competitive advantage based on responsible operations.
The Office of the Data Protection Ombudsman is an autonomous and independent authority that employs approximately 40 experts. The present Data Protection Ombudsman, Reijo Aarnio, has held the post since 1997. In the spring of 2019, the Office will see the appointment of two Deputy Data Protection Ombudsmen. The Data Protection Ombudsman and Deputy Ombudsmen are appointed by the government.
Our operating principles:
freedom of independent action, harnessing the power of the community, professionalism, proactiveness and guidance
The cornerstones of our strategy:
anticipation and prioritisation, competence, guidance based on information and alliances
communality, fairness and independence, timeliness, creativity, transparency and intelligibility
Our goals for 2017‒2020
- We will promote the citizens’ right to the protection of privacy and trust in the transparency of personal data processing in an increasingly digital society.
- We will successfully implement the objectives and effects of the data protection reform in national legislation and the activities of authorities.
- We will take preventive action to deter personal data breaches.
- We will promote the awareness of citizens, controllers and data processors of their rights and obligations related to data protection.
- We will promote the development of a single digital market within the EU.
Duties of the Data Protection Ombudsman
The Office of the Data Protection Ombudsman supervises the legality of personal data processing and the implementation of the data protection rights of individuals.
The duties of the Office of the Data Protection Ombudsman include
- supervising compliance with data protection legislation and other laws concerning the processing of personal data
- promoting awareness of the risks, rules, safeguards, obligations and rights related to the processing of personal data
- carrying out investigations and inspections
- imposing administrative sanctions for violations of the General Data Protection Regulation
- issuing statements on legislative and administrative changes that affect the protection of the rights and freedoms of individuals with regard to the processing of personal data
- issuing statements on offences involving the processing of personal data
- supervising the processing of credit status information and corporate credit ratings
- processing requests for issuing orders with regard to the rights of data subjectsand notifications of other violations related to the processing of personal data
- receiving declarations of Data Protection Officers
- receiving reports of personal data breaches
- drawing up a list of circumstances in which a data protection impact assessment is required
- evaluating prior consultations concerning high-risk data processing
- approving code of practice and standard clauses
- encouraging the adoption of certificates, accrediting certification bodies and revoking issued certificates
- cooperating with the EU's other data protection authorities within the scope of the one-stop-shop principle
- participating in the operations and decision-making of the European Data Protection Boardand referring matters to it when required.