Search
- Fess search
-
Contact information Office of the Data Protection Ombudsman Street address: Lintulahdenkuja 4, 00530 Helsinki Postal address: PL 800, 00531 Helsinki, Finland Switchboard : +358 29 566 6700 Registry: +358 29 566 6768 E-mail (registry): tietosuoja(a...https://tietosuoja.fi/en/contact-information
-
When your personal data are processed in the Schengen Information System or the Visa Information System The Schengen Information System (SIS) and the joint Visa Information System (VIS) of the EU countries are information exchange systems used as ...https://tietosuoja.fi/en/when-your-personal-data-are-processed-in-the-schengen-information-system-or-the-visa-information-system
-
The right to obtain information on the processing of personal data Data subjects have the right to be informed of the collection and processing of their personal data. The processing of personal data shall be done in a transparent manner. Data sub...https://tietosuoja.fi/en/the-right-to-obtain-information-on-the-processing-of-personal-data
-
The right to obtain information on the processing of personal data by a competent authority You have the right to obtain information on the purpose for which a competent authority collects your personal data and on how it is processed. The authori...https://tietosuoja.fi/en/right-to-obtain-information-on-the-processing-of-personal-data
-
Frequently asked questions about credit information When is a payment default entry made in the credit information register? You can get a payment default entry in approximately two months from the payment's due date at the earliest. A payment def...https://tietosuoja.fi/en/faq-credit-information
-
Frequently asked questions about information systems Can the customer of the company be entitled to log data by virtue of the right of access? Article 15 of the General Data Protection Regulation provides for the data subject's right of access to ...https://tietosuoja.fi/en/faq-information-systems
-
30.3.2026 | The Deputy Data Protection Ombudsman has determined that the credit information company Dun & Bradstreet Finland’s practice of allowing individuals to only check their credit information for free once per year is not compliant with data protection legislation. Several deficiencies were also found in the company’s practices for responding to personal data requests.https://tietosuoja.fi/en/-/deputy-data-protection-ombudsman-individuals-must-be-able-to-access-their-credit-information-for-free
-
Inform data subjects about processing The requirements of the notification practices for controllers the requirements are laid down in the GDPR. The Office of the Data Protection Ombudsman urges industries to create shared notification practices a...https://tietosuoja.fi/en/inform-data-subjects-about-processing
-
In the description of public access to documents, we describe what kind of information the Office of the Data Protection Ombudsman stores and how you can request information for yourself.https://tietosuoja.fi/en/description-of-public-access-to-documents
-
When you want to inspect your data The controller is required to tell you whether it is processing personal data concerning you. You have the right to inspect which of your personal data different controllers are processing. Thus, you can also ver...https://tietosuoja.fi/en/when-you-want-to-inspect-your-data
-
Right of access Data subjects have the right to receive confirmation from the controller on whether or not the controller is processing personal data that concerns them. The data subjects thus have the opportunity to evaluate and ensure the legali...https://tietosuoja.fi/en/right-of-access
-
Data protection rights and legal protection You can request the Office of the Data Protection Ombudsman to fulfil the following data protection rights. Right to obtain information on the processing of personal data You have the right to know for w...https://tietosuoja.fi/en/your-data-protection-rights-and-legal-protection
-
Frequently asked questions on data protection and the coronavirus What does health data mean? Health data refers to information about an individual’s health, diseases, disability or treatment. Health data belongs to the special categories of perso...https://tietosuoja.fi/en/coronavirus-covid-19
-
Website cookies Cookies are small text files that browsers save on visitors’ devices. Cookies are used to keep the language selection of a user when they navigate between pages, for example. The tietosuoja.fi website uses cookies that are essentia...https://tietosuoja.fi/en/cookies
-
Right to inspect the data processed by a competent authority The competent authority is required to tell you whether it is processing personal data concerning you. You have the right to inspect which of your personal data different controllers are...https://tietosuoja.fi/en/right-to-inspect-data-processed-by-a-competent-authority
-
Frequently asked questions about working life What personal data on employees and job applicants can an employer process? The employer may only process personal data that is directly necessary with regard to the employee's employment relationship,...https://tietosuoja.fi/en/faq-working-life
-
The Digital Services Act and powers of the Data Protection Ombudsman in the monitoring of online platforms The EU Digital Services Act (DSA) imposes obligations on digital service providers, such as online platforms, to improve the transparency an...https://tietosuoja.fi/en/digital-services-act
-
Processing of matters within our competence Processing of personal data in connection with the processing of cases falling within our competence Cases instituted with the Office of the Data Protection Ombudsman are logged in the Office's case mana...https://tietosuoja.fi/en/processing-of-matters-within-our-competence
-
Minimisation of personal data in scientific research The necessity of personal data for scientific research must be assessed at the earliest possible stage. Efforts must be made to minimise the processing of personal data. Both the amount and natu...https://tietosuoja.fi/en/minimisation-of-personal-data
-
Electronic services at the Office of the Data Protection Ombudsman Instituting a case electronically The Office of the Data Protection Ombudsman uses electronic forms implemented with the Government ICT Centre's (Valtori) Turvalomake (Secure Form)...https://tietosuoja.fi/en/electronic-services-at-our-office
-
Frequently asked questions about health care Rectifying patient records How can I rectify my patient records? If there are errors in your patient records, you can ask for their rectification. The rectification request is made to the health care un...https://tietosuoja.fi/en/faq-health-care
-
Submitting job applications Processing of personal data related to the job application process We publish information on open positions in the Valtiolle.fi service, which is the primary channel for submitting job applications. Through the Valtioll...https://tietosuoja.fi/en/submitting-job-applications
-
What rights do data subjects have in different situations? Not all of the rights of the data subject can be exercised in all situations, depending on factors such as the basis for the processing of personal data. Some of the rights of the data sub...https://tietosuoja.fi/en/what-rights-do-data-subjects-have-in-different-situations
-
If you would like to have your data erased In certain situations, you have the right to request the controller to erase the personal data concerning you. Personal data refers to information by which you can be identified. A company, authority or c...https://tietosuoja.fi/en/if-you-would-like-to-have-all-of-your-data-erased
-
Rights of the data subject in scientific research The rights of the data subject arising from the basis for processing should be considered at the planning stage of the study. Research subjects must be informed of how their personal data will be p...https://tietosuoja.fi/en/rights-of-the-data-subject-in-scientific-research
-
Automated decision-making and profiling What does profiling mean? Profiling means the automated processing of personal data for evaluating the personal aspects of an individual. In particular, profiling refers to the analysis or prediction of aspe...https://tietosuoja.fi/en/automated-decision-making-and-profiling
-
Telephone services at the Office of the Data Protection Ombudsman Data processed in connection with the use of telephone services Switchboard The switchboard of the Office of the Data Protection Ombudsman connects calls to the public officials wor...https://tietosuoja.fi/en/telephone-services
-
Have you misplaced personal data? This page provides instructions on what to do if your personal data has been lost, stolen or acquired with a phishing message. Act fast especially if: you have lost payment card details or your online bank ID and ...https://tietosuoja.fi/en/have-you-misplaced-personal-data
-
Frequently asked questions about direct marketing Electronic direct marketing includes direct marketing via automated calling systems, as well as direct marketing implemented using email, text, sound, voice or picture messages. Traditional direct ...https://tietosuoja.fi/en/faq-direct-marketing
-
Record of processing activities Record of processing activities is a written description of organisations personal data processing. The obligation to draw up a record of processing activities applies to all organisations with more than 250 employe...https://tietosuoja.fi/en/record-of-processing-activities
-
Consent of the data subject Consent is one possible legal basis for processing personal data. Consent gives the data subjects the opportunity to monitor the processing of their personal data and influence it by withdrawing their consent. Requireme...https://tietosuoja.fi/en/consent-of-the-data-subject
-
Data Act and powers of the Data Protection Ombudsman The EU Data Act (DA) sets out how data generated by connected products can be shared. Most of the regulation became applicable on 12 September 2025. The Office of the Data Protection Ombudsman m...https://tietosuoja.fi/en/data-act
-
Have you been affected by a personal data breach? This page contains instructions for people who have been affected by a personal data breach. If you have been affected by a personal data breach, first check what data about you could have been dis...https://tietosuoja.fi/en/have-you-been-affected-by-a-personal-data-breach
-
Registry You can enquire after matters concerning instituting and pending a case from the registry of the Office of the Data Protection Ombudsman. This kind of enquiries are for example how should a case be sent to the Office of the Data Protectio...https://tietosuoja.fi/en/registry
-
Personal data breaches What is a personal data breach? A personal data breach means an event leading to the destruction, loss, alteration or unauthorised disclosure of, or access to, personal data. Examples of personal data breaches include lost d...https://tietosuoja.fi/en/personal-data-breaches
-
Controller's record of processing activities The obligation to draw up a record of processing activities applies to all organisations with more than 250 employees. Smaller organisations are also required to draw up the record if the personal data ...https://tietosuoja.fi/en/controller-s-record-of-processing-activities
-
Right to object In certain situations, the data subject has the right to object to the processing of his or her personal data, that is, request the controller not to process it at all. If the data is processed for the performance of a task carried...https://tietosuoja.fi/en/right-to-object
-
Claiming damages for violations of the GDPR Data subjects are entitled to damages if a controller or processor of personal data violates the EU General Data Protection Regulation and the violation causes material or immaterial damage to the data s...https://tietosuoja.fi/en/claiming-damages
-
Derogating from the rights of data subjects in the context of scientific or historical research or for statistical purposes Chapter III of the General Data Protection Regulation provides for the rights of the data subject applied to the processing...https://tietosuoja.fi/en/derogating-from-the-rights-of-data-subjects
-
Processing of the personal data of Data Protection Officers Controllers and processors must declare the contact details of their Data Protection Officers to our Office. The notification can be made with the form on our website or by providing the ...https://tietosuoja.fi/en/processing-of-the-personal-data-of-data-protection-officers