Skip to Content
  • Valitse kieli Suomi
  • Välj språket Svenska
  • Select language English
Data Protection Ombudsman’s Office
Search page
  • Home
  • Current issues
  • Data protection
  • Private persons
  • Organisations
  • Office of the Data Protection Ombudsman
  • Tietosuojavaltuutetun toimisto
  • en
  • Organisations

For organisations

Know your responsibility and build trust

This section provides information on the matters that organisations need to take into account when processing personal data. The section contains information for controllers, processors and Data Protection Officers.

  • Processing of personal data
  • Data protection principles
  • Frequently asked questions
  • Risk assessment and data protection planning
  • Demonstrate your compliance with data protection regulations
  • Inform data subjects about processing
  • Rights of the data subject
  • Data protection officers
  • Processors
  • Personal data breaches
  • Transfers of personal data out of the European Economic Area
  • Codes of Conduct
  • Guidelines of the European Data Protection Board

Office of the Data Protection Ombudsman

Visiting address: Lintulahdenkuja 4, 00530 Helsinki

Postal address: P.O. Box 800, 00531 Helsinki, Finland

E-mail: tietosuoja(at)om.fi

Switchboard: +358 (0)29 566 6700

Registry: +358 (0)29 566 6768

 

 

General guidance for private persons: +358 (0)29 566 6777

General guidance for controllers: +358 (0)29 566 6778

Available Tue–Thu 9 a.m. to 11 a.m.

Information about telephone guidance

Frequently asked questions

Our data protection policy

Accessibility statement

For the media​​​​​​​

LinkedIn

​​​​​​​X (Twitter)

 

 ­ Tulosta

  • Home
  • Current issues
    • News
    • Guidelines of the European Data Protection Board
  • Data protection
    • What is personal data?
      • Pseudonymised and anonymised data
    • Legislation
    • Frequently asked questions
      • Adequacy decision concerning data protection in the United States
      • Banking
      • Camera surveillance
      • Credit information
      • Data Protection Officers
      • Digital Services Act (DSA)
      • Direct Marketing
      • Elections
      • Genealogy
      • Health care
      • Information systems
      • Internet
      • Mobile location
      • Personal identity code
      • Phone calls
      • Scientific research
      • Search engines
      • Working life
    • Children's data protection
    • Scientific research and data protection
      • Defining the research scheme and purpose for processing personal data
      • Minimisation of personal data
      • Lifespan of personal data processing, data protection principles and the protection of data
      • Choosing the processing basis and ensuring its lawfulness
      • Rights of the data subject in scientific research
      • Roles and responsibilities for processing personal data
      • Transfer of data abroad
      • Accountability in scientific research
      • Destruction, anonymisation or archiving of data
      • The researcher’s data protection expertise
    • Digital Services Act (DSA)
  • Private persons
    • Know your rights
    • Have you been notified of the processing of your personal data?
    • When you want to inspect your data
    • If you want to have your data rectified
    • If you would like to have your data erased
    • If you would like to have your personal data transferred to another controller
    • If you do not want your data processed
    • Have you been subjected to a decision based solely on automated processing?
    • Have you been affected by a personal data breach?
    • When your personal data are processed in the Schengen Information System or the Visa Information System
    • Have you misplaced personal data?
    • Claiming damages
    • When a competent authority processes your personal data
      • What is a competent authority
      • Right to obtain information on the processing of personal data
      • Right to inspect data processed by a competent authority
      • Rectification of data processed by a competent authority
      • Erasure of data and restriction of processing
    • Notification to the Data Protection Ombudsman
  • Organisations
    • Processing of personal data
      • When is the processing of personal data permitted?
        • Consent of the data subject
        • Controller's legitimate interests
        • Processing of special categories of personal data
      • Risk assessment and data protection planning
        • Impact assessments
          • Carrying out an impact assessment
          • List of processing operations which require DPIA
        • Prior consultation
          • Prior consultation request
      • Automated decision-making and profiling
      • Processing involving several EU countries
    • Data protection principles
      • Lawfulness, fairness and transparency
      • Purpose limitation
      • Minimisation of data
      • Accuracy of data
      • Storage limitation
      • Confidentiality and security
    • Demonstrate your compliance with data protection regulations
      • Record of processing activities
        • Controller's record of processing activities
        • Processor's record of processing activities
    • Inform data subjects about processing
    • Rights of the data subject
      • The right to obtain information on the processing of personal data
      • Right of access
      • Right to rectification
      • Right to erasure
      • Right to restriction of processing
      • Right to data portability
      • Right to object
      • Right not to be subject to a decision based solely on automated processing
      • What rights do data subjects have in different situations?
      • Derogating from the rights of data subjects
    • Data protection officers
      • Designating a data protection officer
      • Declaration of Data Protection Officer
      • Change to Data Protection Officer declaration
    • Processors
      • Processors’ responsibilities
    • Personal data breaches
      • Data breach notification
    • Transfers of personal data out of the European Economic Area
      • Transfers on the basis of an adequacy decision
      • Standard clauses adopted by the Commission
      • Safeguards to supplement transfer tools
      • Binding corporate rules
      • Derogations for specific situations
      • Transfer bases for authorities and the public sector
      • Brexit and the transfer of personal data to the UK
    • Codes of Conduct
      • The review and approval of codes of conduct
      • Supervision of codes of conduct
  • Office of the Data Protection Ombudsman
    • Duties
      • Corrective powers
    • Mission statement
    • International activities
    • Annual report 2023
      • Archive
    • Forms
    • Our data protection policy
      • Visiting the office
      • Electronic services at our office
        • Cookies
      • Telephone services
      • Processing of matters within our competence
      • Processing of the personal data of Data Protection Officers
      • Submitting job applications
      • Disclosure of data
      • Your data protection rights and legal protection
    • Accessibility statement
    • Contact information
      • Telephone guidance
      • Registry
      • Description of public access to documents
      • Data Protection Officer
      • Lecture requests
      • For the media
Back to top