Haku
-
Transfers on the basis of an adequacy decision Personal data can be transferred out of the European Union and European Economic Area if the European Commission has issued a decision on an adequate level of protection for personal data (‘adequacy d...https://tietosuoja.fi/en/transfers-on-the-basis-of-an-adequacy-decision
-
Automated decision-making and profiling What does profiling mean? Profiling means the automated processing of personal data for evaluating the personal aspects of an individual. In particular, profiling refers to the analysis or prediction of aspe...https://tietosuoja.fi/en/automated-decision-making-and-profiling
-
Right not to be subject to a decision based solely on automated processing The data subject has the right to demand human involvement in decisions that concern him or her. Data subjects have the right not to be subject to a decision based solely o...https://tietosuoja.fi/en/right-not-to-be-subject-to-a-decision-based-solely-on-automated-processing
-
Have you been subjected to a decision based solely on automated processing? You have the right to demand human involvement in decisions that concern you. Some decisions concerning you can be made automatically. This means that humans are not invol...https://tietosuoja.fi/en/have-you-been-subjected-to-a-decision-based-solely-on-automated-processing
-
Frequently asked questions regarding the adequacy decision concerning data protection in the United States For organisations What does the adequacy decision concerning the United States mean? The European Commission's decision on the adequacy of d...https://tietosuoja.fi/en/faq-adequacy-decision-concerning-data-protection-in-the-united-states
-
Brexit and the transfer of personal data to the UK When the transition period for the withdrawal from the EU ended, the United Kingdom lost all its rights and obligations as a Member State. Due to the withdrawal from the EU, data protection regula...https://tietosuoja.fi/en/brexit-and-the-transfer-of-personal-data-to-the-uk
-
Transfers of personal data out of the European Economic Area Transferring personal data out of the EEA requires an appropriate basis for the transfer and compliance with the other requirements imposed by data protection legislation. This page desc...https://tietosuoja.fi/en/transfers-of-personal-data-out-of-the-eea
-
Processing involving several EU countries If your organisation operates in more than one EU country, you need to find out which country’s supervisory authority you are meant to deal with. This data protection authority is called the lead superviso...https://tietosuoja.fi/en/processing-involving-several-eu-countries
-
What rights do data subjects have in different situations? Not all of the rights of the data subject can be exercised in all situations, depending on factors such as the basis for the processing of personal data. Some of the rights of the data sub...https://tietosuoja.fi/en/what-rights-do-data-subjects-have-in-different-situations
-
Transfer bases for authorities and the public sector Authorities and public organisations can transfer personal data to international organisations or the public bodies of third countries based on a European Commission decision on the adequacy of ...https://tietosuoja.fi/en/transfer-bases-for-authorities-and-the-public-sector
-
List compiled by the Office of the Data Protection Ombudsman of processing operations which require data protection impact assessment (DPIA) Updated 21.12.2018 Article 35 (1) GDPR requires a DPIA when the processing activity is likely to result in...https://tietosuoja.fi/en/list-of-processing-operations-which-require-dpia
-
Data protection in the development and use of AI systems These pages have information on the requirements arising from data protection legislation that should be taken into account when artificial intelligence (AI) systems are developed and used. ...https://tietosuoja.fi/en/ai-systems-and-data-protection
-
Annual report 2024 The Office of the Data Protection Ombudsman safeguards the rights and freedoms of individuals with regard to the processing of personal data The Office of the Data Protection Ombudsman is an autonomous and independent authority ...https://tietosuoja.fi/en/annual-report-2024
-
Accountability in scientific research The controller must be prepared to demonstrate that data protection regulations have been taken into account in the study. Researchers must document the implementation of data-protection principles and other p...https://tietosuoja.fi/en/accountability-in-scientific-research
-
Derogations for specific situations Article 49 of the General Data Protection Regulation provides for derogations for specific situations. They are a last-resort basis for data transfer, only applicable in exceptional cases . The transfer of data ...https://tietosuoja.fi/en/derogations-for-specific-situations
-
Disclosures of data Personal data is disclosed to service providers that supply IT services to the Office of the Data Protection Ombudsman. These providers process personal data on behalf of the Office and are not permitted to process the data for...https://tietosuoja.fi/en/disclosure-of-data
-
Data protection rights and legal protection You can request the Office of the Data Protection Ombudsman to fulfil the following data protection rights. Right to obtain information on the processing of personal data You have the right to know for w...https://tietosuoja.fi/en/your-data-protection-rights-and-legal-protection
-
In the description of public access to documents, we describe what kind of information the Office of the Data Protection Ombudsman stores and how you can request information for yourself.https://tietosuoja.fi/en/description-of-public-access-to-documents
-
Impact assessment Impact assessments are designed to identify, evaluate and control risks involved in the processing of personal data. They are designed to be a continuous process for identifying and controlling risks. Impact assessments must be c...https://tietosuoja.fi/en/impact-assessments
-
Demonstrate your compliance with data protection regulations Compliance with the provisions of the General Data Protection Regulation (GDPR) is required when processing personal data. Accountability means that the controller must be able to demons...https://tietosuoja.fi/en/accountability