Search

Have you misplaced personal data? This page provides instructions on what to do if your personal data has been lost, stolen or acquired with a phishing message. Act fast especially if: you have lost payment card details or your online bank ID and ...

Have you been affected by a personal data breach? This page contains instructions for people who have been affected by a personal data breach. If you have been affected by a personal data breach, first check what data about you could have been dis...

Processors’ responsibilities Processors are governed by the General Data Protection Regulation if they are established in an EU Member State they are not established in an EU Member State but their personal data processing activities relate to the...

Processors A processor is an individual or an organisation that processes personal data on behalf of a controller. Processors operate according to the controller’s instructions and under its supervision. The controller determines the purposes and ...

Transfer bases for authorities and the public sector Authorities and public organisations can transfer personal data to international organisations or the public bodies of third countries based on a European Commission decision on the adequacy of ...

Data protection officers A data protection officer is an expert within the organisation, who monitors the processing of personal data and provides advice on compliance with data protection regulations. The data protection officer monitors complian...

Accountability in scientific research The controller must be prepared to demonstrate that data protection regulations have been taken into account in the study. Researchers must document the implementation of data-protection principles and other p...

Data Protection Officer of the Office of the Data Protection Ombudsman The Data Protection Officer of the Office of the Data Protection Ombudsman acts as a contact person when the Office of the Data Protection Ombudsman processes your personal dat...

Roles and responsibilities for processing personal data in scientific research A research project can involve a variety of parties in different roles. Personal data may be processed for research purposes by one or more research organizations, pers...

Contact information Office of the Data Protection Ombudsman Street address: Lintulahdenkuja 4, 00530 Helsinki Postal address: PL 800, 00531 Helsinki, Finland Switchboard : +358 29 566 6700 Registry: +358 29 566 6768 E-mail (registry): tietosuoja(a...

Visiting the Office of the Data Protection Ombudsman Instituting a case Our website contains electronic forms for instituting cases falling within the competence of the data protection authorities ( read more on our office’s electronic services )....

Electronic services at the Office of the Data Protection Ombudsman Instituting a case electronically The Office of the Data Protection Ombudsman uses electronic forms implemented with the Government ICT Centre's (Valtori) Turvalomake (Secure Form)...

Data protection for children and youth A lot of information called personal data is collected on you when you use the internet, social media or the apps on your phone, or play video games. Personal data is also collected for your hobbies and at sc...

Risk assessment and data protection planning Controllers have a responsibility to assess the risks relating to the processing of personal data every time they are about to process personal data. A risk assessment allows controllers to plan the ste...

Frequently asked questions about elections On this page, you will find answers to frequently asked questions about election advertising and data protection. See also: Frequently asked questions about direct marketing Information on the EU regulati...

Accessibility statement of Tietosuoja.fi This accessibility statement applies to the website www.tietosuoja.fi and it was created on 22 September 2020. The statement has been updated on 20 January 2026. We are committed to providing accessibility ...

Record of processing activities Record of processing activities is a written description of organisations personal data processing. The obligation to draw up a record of processing activities applies to all organisations with more than 250 employe...

Standard clauses adopted by the Commission Personal data can also be transferred out of the EU and EEA under the standard contractual clauses (SCC) adopted by the Commission. A transition period set for the adoption of the updated standard clauses...

Codes of Conduct Codes of conduct are sector-specific guidelines on the application of data protection legislation. They are intended to help organisations comply with data protection requirements with concrete and practical instructions. By commi...

Lifespan of personal data processing, data protection principles and the protection of data in scientific research If processing of personal data is necessary for the implementation of the study, the lifespan of the processing must be planned from...