Search

Guidelines of the European Data Protection Board The European Data Protection Board (EDPB) is responsible for the uniform application of the EU's General Data Protection Regulation and the Data Protection Directive applying to police and criminal ...

Safeguards to supplement transfer tools The level of protection for personal data must be essentially equivalent to that guaranteed within the EU when transferring data to international organisations and third countries outside the European Econom...

International activities Data Protection Ombudsman represents Finland in the European Data Protection Board. The Board is responsible for the uniform application of data protection legislation in the European Union. The Board consists of the EU's ...

Derogating from the rights of data subjects in the context of scientific or historical research or for statistical purposes Chapter III of the General Data Protection Regulation provides for the rights of the data subject applied to the processing...

Right to data portability The data subject has the right to receive the personal data that he or she has provided to a controller in a structured, commonly used and machine-readable format and, if desired, transmit that data to another controller....

Annual report 2024 The Office of the Data Protection Ombudsman safeguards the rights and freedoms of individuals with regard to the processing of personal data The Office of the Data Protection Ombudsman is an autonomous and independent authority ...

In the description of public access to documents, we describe what kind of information the Office of the Data Protection Ombudsman stores and how you can request information for yourself.

Transfers of personal data out of the European Economic Area Transferring personal data out of the EEA requires an appropriate basis for the transfer and compliance with the other requirements imposed by data protection legislation. This page desc...

Right to erasure In certain cases, the data subject has the right to have the controller erase data concerning him or her without undue delay. This right is also known as the right to be forgotten. The controller is obligated to erase the personal...

Data protection in the development and use of AI systems These pages have information on the requirements arising from data protection legislation that should be taken into account when artificial intelligence (AI) systems are developed and used. ...

25.6.2025 | ANNUAL REPORT OF THE OFFICE OF THE DATA PROTECTION OMBUDSMAN OF FINLAND 2024 ANNUAL REPORT OF THE OFFICE OF THE DATA PROTECTION OMBUDSMAN OF FINLAND 2024 3 Contents The Office of the Data Protection Ombudsman safeguards the rights and freedoms of ...

Frequently asked questions about the Digital Services Act (DSA) What kinds of operators are subject to the DSA's obligations? The obligations imposed by the Digital Services Act (DSA) apply to all online services, referred to as 'intermediary serv...

The Digital Services Act and powers of the Data Protection Ombudsman in the monitoring of online platforms The EU Digital Services Act (DSA) imposes obligations on digital service providers, such as online platforms, to improve the transparency an...

Anvisningar av Europeiska dataskyddsstyrelsen Europeiska dataskyddsstyrelsen ansvarar för en harmoniserad tillämpning inom Europeiska Unionen av EU:s allmänna dataskyddsförordning och dataskyddsdirektivet, som gäller för polis- och strafrättsmyndi...

13.8.2024 | ANNUAL REPORT OF THE OFFICE OF THE DATA PROTECTION OMBUDSMAN 2023 ANNUAL REPORT OF THE OFFICE OF THE DATA PROTECTION OMBUDSMAN 2023 3 Contents The Office of the Data Protection Ombudsman safeguards the rights and freedoms of individuals with regar...

Euroopan tietosuojaneuvoston ohjeet Euroopan tietosuojaneuvosto vastaa EU:n yleisen tietosuoja-asetuksen ja poliisi- ja rikosoikeusviranomaisia koskevan tietosuojadirektiivin yhdenmukaisesta soveltamisesta Euroopan unionissa. Tietosuojaneuvosto ju...

Bindande företagsbestämmelser Bindande företagsbestämmelser (BCR, Binding Corporate Rules) avser gemensamma bindande bestämmelser om överföring av personuppgifter till tredjeländer inom en koncern eller en grupp av företag som driver en gemensam e...

Binding corporate rules Binding Corporate Rules (BCR) refer to common binding rules on the transfer of personal data to third countries within companies in the same group of undertakings or group of enterprises engaged in a joint economic activity...

Yritystä koskevat sitovat säännöt Yritystä koskevat sitovat säännöt (BCR, Binding Corporate Rules) tarkoittavat yhteisiä sitovia sääntöjä henkilötietojen siirrosta kolmansiin maihin konsernin tai yhteistä taloudellista toimintaa harjoittavien yrit...

Frequently asked questions about personal identity code Is it permitted to ask for the personal identity code when a guest checks into a hotel? Yes. According to the Act on Accommodation and Food Service Activities (308/2006), an accommodation pro...