Search

Confidentiality and security The processing of personal data must be confidential and secure. The controller is required to assess the potential risks, the level of the organisation's data protection and data security guidelines, and the technical...

Data protection Data protection safeguards your rights when your personal data is processed Everyone has the right to the protection of personal data concerning him or her. Data protection is a fundamental right that safeguards the rights and free...

Data protection principles The data protection principles must always be observed when processing personal data . The controller must also be able to demonstrate the effective implementation of the data protection principles in the processing of p...

Processing of personal data The processing of personal data refers to activities such as the collection, storage, use, transfer and disclosure of personal data. All activities involving personal data, from the planning of processing to the erasure...

Processing of the personal data of Data Protection Officers Controllers and processors must declare the contact details of their Data Protection Officers to our Office. The notification can be made with the form on our website or by providing the ...

Lifespan of personal data processing, data protection principles and the protection of data in scientific research If processing of personal data is necessary for the implementation of the study, the lifespan of the processing must be planned from...

Data breach notification Purpose of processing If a personal data breach can cause a risk to the rights and freedoms of natural persons, the supervisory authority must be notified. In Finland, the Office of the Data Protection Ombudsman functions ...

Personal data breaches What is a personal data breach? A personal data breach means an event leading to the destruction, loss, alteration or unauthorised disclosure of, or access to, personal data. Examples of personal data breaches include lost d...

Designating a data protection officer A data protection officer must be designated if your organisation processes sensitive data on a large scale monitors individuals regularly, systematically and on a large scale or your organisation is a public ...

Declaration of Data Protection Officer Purpose of processing The purpose of processing the personal data of Data Protection Officers is to enable communication between the supervisory authority and the Data Protection Officers of controllers and p...

Have you misplaced personal data? This page provides instructions on what to do if your personal data has been lost, stolen or acquired with a phishing message. Act fast especially if: you have lost payment card details or your online bank ID and ...

EU digital and data regulation The EU's digital and data regulation facilitate the movement of data within the EU, create clear and fair rules for data use and promote compliance with privacy, data protection and competition rules. Digital and dat...

Risk assessment and data protection planning Controllers have a responsibility to assess the risks relating to the processing of personal data every time they are about to process personal data. A risk assessment allows controllers to plan the ste...

Change to Data Protection Officer declaration Purpose of processing The purpose of processing the personal data of Data Protection Officers is to enable communication between the supervisory authority and the Data Protection Officers of controller...

Processing of special categories of personal data As a rule, the processing of personal data belonging to special categories is prohibited. Such data reveals the person’s ethnic origin political opinions religion or philosophical beliefs trade uni...

Destruction, anonymisation or archiving of data at the conclusion of research When a study ends, the controller must ensure that data is appropriately destroyed, anonymised or archived. Data protection regulations specify a lifespan for personal d...

Data protection in the development and use of AI systems These pages have information on the requirements arising from data protection legislation that should be taken into account when artificial intelligence (AI) systems are developed and used. ...

The right to obtain information on the processing of personal data Data subjects have the right to be informed of the collection and processing of their personal data. The processing of personal data shall be done in a transparent manner. Data sub...

When a competent authority processes your personal data The Act on the Processing of Personal Data in Criminal Matters and in Connection with Maintaining National Security sets down your rights when a competent authority processes your personal da...

Right to inspect the data processed by a competent authority The competent authority is required to tell you whether it is processing personal data concerning you. You have the right to inspect which of your personal data different controllers are...