Search

Frequently asked questions about the Digital Services Act (DSA) What kinds of operators are subject to the DSA's obligations? The obligations imposed by the Digital Services Act (DSA) apply to all online services, referred to as 'intermediary serv...

15.2.2022 | The Office of the Data Protection Ombudsman will participate in a coordinated enforcement action of the European Data Protection Board along with 22 other supervisory authorities. The purpose of the action is to investigate use of cloud-based services in the public sector. The action of the EDPB was launched on 15 February.

12.1.2024 | Internet platforms and other digital services will have new obligations when the application of the EU's Digital Services Act begins on 17 February 2024. The purpose of the new Act is to reduce illegal content and increase the transparency of services.

Frequently asked questions regarding the adequacy decision concerning data protection in the United States For organisations What does the adequacy decision concerning the United States mean? The European Commission's decision on the adequacy of d...

Transfers on the basis of an adequacy decision Personal data can be transferred out of the European Union and European Economic Area if the European Commission has issued a decision on an adequate level of protection for personal data (‘adequacy d...

EU digital and data regulation The EU's digital and data regulation facilitate the movement of data within the EU, create clear and fair rules for data use and promote compliance with privacy, data protection and competition rules. Digital and dat...

Data Act and powers of the Data Protection Ombudsman The EU Data Act (DA) sets out how data generated by connected products can be shared. Most of the regulation became applicable on 12 September 2025. The Office of the Data Protection Ombudsman m...

19.3.2026 | This year, European data protection authorities will investigate how well organisations comply with the transparency and information obligations related to personal data processing. Data protection authorities from 25 countries across Europe will take part in the action.

Transfers of personal data out of the European Economic Area Transferring personal data out of the EEA requires an appropriate basis for the transfer and compliance with the other requirements imposed by data protection legislation. This page desc...

Usein kysyttyä Yhdysvaltojen tietosuojan riittävyyttä koskevasta päätöksestä Organisaatioille Mitä Yhdysvaltoja koskeva riittävyyspäätös tarkoittaa? Euroopan komission päätös Yhdysvaltojen tietosuojan riittävästä tasosta tuli voimaan 10.7.2023. Pä...

Siirto tietosuojan riittävyyttä koskevan päätöksen perusteella Henkilötietoja voidaan siirtää Euroopan unionin ja Euroopan talousalueen ulkopuolelle, jos Euroopan komissio on antanut päätöksen henkilötietojen suojan riittävyydestä (nk. vastaavuusp...

Överföring på grundval av ett beslut om adekvat skyddsnivå Personuppgifter får överföras utanför Europeiska unionen och Europeiska ekonomiska samarbetsområdet, om kommissionen har meddelat ett beslut om adekvat skyddsnivå (s.k. likvärdighetsbeslut...

Vanliga frågor om beslutet om adekvat skyddsnivå för USA För organisationer Vad innebär beslutet om adekvat skyddsnivå för USA (likvärdighetsbeslutet)? Europeiska kommissionens beslut om adekvat skyddsnivå för USA trädde i kraft 10.7.2023. Med stö...

5.3.2025 | This year, the European data protection authorities will examine how organisations are exercising the right of individuals to have their personal data erased. Thirty-two data protection supervisory authorities from across Europe are participating in the joint inquiry. The Office of the Data Protection Ombudsman will investigate the situation in Finland through an anonymous survey of data controllers.

28.2.2024 | On 28 February, the European Data Protection Board launched a joint measure examining how the data subjects' right of access to their data is being realised in the operations of various organisations. A total of 28 data protection authorities from various EU Member States are taking part in the study. In Finland, the situation is charted with a questionnaire for controllers.

13.8.2024 | ANNUAL REPORT OF THE OFFICE OF THE DATA PROTECTION OMBUDSMAN 2023 ANNUAL REPORT OF THE OFFICE OF THE DATA PROTECTION OMBUDSMAN 2023 3 Contents The Office of the Data Protection Ombudsman safeguards the rights and freedoms of individuals with regar...

31.7.2023 | ANNUAL REPORT OF THE OFFICE OF THE DATA PROTECTION OMBUDSMAN 2022 ANNUAL REPORT OF THE OFFICE OF THE DATA PROTECTION OMBUDSMAN 2022 3 Contents The Office of the Data Protection Ombudsman safeguards the rights and freedoms of individuals with regar...

19.5.2023 | Page 1 of 16 Adopted - After public consultation Guidelines 04/2021 on Codes of Conduct as tools for transfers Version 2.0 Adopted on 22 February 2022 Page 2 of 16 Adopted - After public consultation Version history Version 2.0 22 February 2022 Ad...

19.1.2023 | Euroopan tietosuojaneuvosto on hyväksynyt tammikuun täysistunnossaan raportin ensimmäisestä yhteisestä koordinoidusta toimenpiteestään, jossa keskityttiin pilvipalvelujen käyttöön julkisella sektorilla. Raportissa tietosuojaneuvosto antaa muun muassa suosituksia julkisen sektorin organisaatioille pilvipohjaisten tuotteiden ja palvelujen käyttöön. Raportin liitteessä kuvaillaan myös toimia, joita tietosuojaviranomaiset ovat tähän mennessä toteuttaneet pilvipalveluja koskien.

20.6.2019 | Adopted Guidelines 1/2018 on certification and identifying certification criteria in accordance with Articles 42 and 43 of the Regulation Version 3.0 4 June 2019 2 Adopted Version history Version 3.0 4 June 2019 Inclusion of Annex 2 (version 2.0 o...