Search

Transfers of personal data out of the European Economic Area Transferring personal data out of the EEA requires an appropriate basis for the transfer and compliance with the other requirements imposed by data protection legislation. This page desc...

Transfer of data abroad Research is an international activity, and a need to transfer personal data out of Finland may arise during a project. There is legislation to ensure that the level of data protection does not deteriorate even if a research...

Transfers on the basis of an adequacy decision Personal data can be transferred out of the European Union and European Economic Area if the European Commission has issued a decision on an adequate level of protection for personal data (‘adequacy d...

Safeguards to supplement transfer tools The level of protection for personal data must be essentially equivalent to that guaranteed within the EU when transferring data to international organisations and third countries outside the European Econom...

Frequently asked questions regarding the adequacy decision concerning data protection in the United States For organisations What does the adequacy decision concerning the United States mean? The European Commission's decision on the adequacy of d...

Know your responsibility and build trust

Codes of Conduct Codes of conduct are sector-specific guidelines on the application of data protection legislation. They are intended to help organisations comply with data protection requirements with concrete and practical instructions. By commi...

19.3.2026 | This year, European data protection authorities will investigate how well organisations comply with the transparency and information obligations related to personal data processing. Data protection authorities from 25 countries across Europe will take part in the action.

Frequently asked questions about direct marketing Electronic direct marketing includes direct marketing via automated calling systems, as well as direct marketing implemented using email, text, sound, voice or picture messages. Traditional direct ...

We promote responsibility in the digital environment The Office of the Data Protection Ombudsman safeguards the rights and freedoms of individuals with regard to the processing of personal data. We build awareness of the rights, duties and opportu...

Data protection in the development and use of AI systems These pages have information on the requirements arising from data protection legislation that should be taken into account when artificial intelligence (AI) systems are developed and used. ...

4.7.2025 | On 1–2 July, the European Data Protection Board met in Helsinki for a two-day high level meeting to discuss common outlines for future work. In the statement issued at the meeting, the data protection authorities agreed on new measures to facilitate compliance with data protection regulations, to increase dialogue with stakeholders and to develop cooperation between authorities in different sectors.

5.3.2025 | This year, the European data protection authorities will examine how organisations are exercising the right of individuals to have their personal data erased. Thirty-two data protection supervisory authorities from across Europe are participating in the joint inquiry. The Office of the Data Protection Ombudsman will investigate the situation in Finland through an anonymous survey of data controllers.

28.2.2024 | On 28 February, the European Data Protection Board launched a joint measure examining how the data subjects' right of access to their data is being realised in the operations of various organisations. A total of 28 data protection authorities from various EU Member States are taking part in the study. In Finland, the situation is charted with a questionnaire for controllers.

25.6.2025 | ANNUAL REPORT OF THE OFFICE OF THE DATA PROTECTION OMBUDSMAN OF FINLAND 2024 ANNUAL REPORT OF THE OFFICE OF THE DATA PROTECTION OMBUDSMAN OF FINLAND 2024 3 Contents The Office of the Data Protection Ombudsman safeguards the rights and freedoms of ...

13.8.2024 | ANNUAL REPORT OF THE OFFICE OF THE DATA PROTECTION OMBUDSMAN 2023 ANNUAL REPORT OF THE OFFICE OF THE DATA PROTECTION OMBUDSMAN 2023 3 Contents The Office of the Data Protection Ombudsman safeguards the rights and freedoms of individuals with regar...

31.7.2023 | ANNUAL REPORT OF THE OFFICE OF THE DATA PROTECTION OMBUDSMAN 2022 ANNUAL REPORT OF THE OFFICE OF THE DATA PROTECTION OMBUDSMAN 2022 3 Contents The Office of the Data Protection Ombudsman safeguards the rights and freedoms of individuals with regar...

7.12.2022 | ANNUAL REPORT OF THE OFFICE OF THE DATA PROTECTION OMBUDSMAN 2021 2 ANNUAL REPORT OF THE OFFICE OF THE DATA PROTECTION OMBUDSMAN 2021 3 Contents The Office of the Data Protection Ombudsman safeguards the rights and freedoms of individuals with reg...

19.5.2023 | Adopted Guidelines 1/2019 on Codes of Conduct and Monitoring Bodies under Regulation 2016/679 Version 2.0 4 June 2019 Adopted 2 Version history Version 2.0 4 June 2019 Adoption of the Guidelines after public consultation Version 1.0 12 February 20...

16.7.2019 | Adopted 1 Recommendation 01/2019 on the draft list of the European Data Protection Supervisor regarding the processing operations subject to the requirement of a data protection impact assessment (Article 39.4 of Regulation (EU) 2018/1725) Adopted...