Haku
- Fess-haku
-
Transfer bases for authorities and the public sector Authorities and public organisations can transfer personal data to international organisations or the public bodies of third countries based on a European Commission decision on the adequacy of ...https://tietosuoja.fi/en/transfer-bases-for-authorities-and-the-public-sector
-
In the description of public access to documents, we describe what kind of information the Office of the Data Protection Ombudsman stores and how you can request information for yourself.https://tietosuoja.fi/en/description-of-public-access-to-documents
-
Destruction, anonymisation or archiving of data at the conclusion of research When a study ends, the controller must ensure that data is appropriately destroyed, anonymised or archived. Data protection regulations specify a lifespan for personal d...https://tietosuoja.fi/en/destruction-anonymisation-or-archiving-of-data
-
When is the processing of personal data permitted? Legal bases for processing personal data The processing of personal data always requires a legal basis, which must be determined before the start of processing. Once the processing of personal dat...https://tietosuoja.fi/en/when-is-the-processing-of-personal-data-permitted
-
Current issues Deputy Data Protection Ombudsman: individuals must be able to access their credit information for free Publication date: 30.3.2026 Suomen Numerokeskus fined for failing to provide call recordings Publication date: 25.3.2026 The Offi...https://tietosuoja.fi/en/current-issues
-
Transfers on the basis of an adequacy decision Personal data can be transferred out of the European Union and European Economic Area if the European Commission has issued a decision on an adequate level of protection for personal data (‘adequacy d...https://tietosuoja.fi/en/transfers-on-the-basis-of-an-adequacy-decision
-
Telephone services at the Office of the Data Protection Ombudsman Data processed in connection with the use of telephone services Switchboard The switchboard of the Office of the Data Protection Ombudsman connects calls to the public officials wor...https://tietosuoja.fi/en/telephone-services
-
Frequently asked questions regarding the adequacy decision concerning data protection in the United States For organisations What does the adequacy decision concerning the United States mean? The European Commission's decision on the adequacy of d...https://tietosuoja.fi/en/faq-adequacy-decision-concerning-data-protection-in-the-united-states
-
Processing of special categories of personal data As a rule, the processing of personal data belonging to special categories is prohibited. Such data reveals the person’s ethnic origin political opinions religion or philosophical beliefs trade uni...https://tietosuoja.fi/en/processing-of-special-categories-of-personal-data
-
Data Act and powers of the Data Protection Ombudsman The EU Data Act (DA) sets out how data generated by connected products can be shared. Most of the regulation became applicable on 12 September 2025. The Office of the Data Protection Ombudsman m...https://tietosuoja.fi/en/data-act
-
Transfers of personal data out of the European Economic Area Transferring personal data out of the EEA requires an appropriate basis for the transfer and compliance with the other requirements imposed by data protection legislation. This page desc...https://tietosuoja.fi/en/transfers-of-personal-data-out-of-the-eea
-
Electronic services at the Office of the Data Protection Ombudsman Instituting a case electronically The Office of the Data Protection Ombudsman uses electronic forms implemented with the Government ICT Centre's (Valtori) Turvalomake (Secure Form)...https://tietosuoja.fi/en/electronic-services-at-our-office
-
The right to obtain information on the processing of personal data Data subjects have the right to be informed of the collection and processing of their personal data. The processing of personal data shall be done in a transparent manner. Data sub...https://tietosuoja.fi/en/the-right-to-obtain-information-on-the-processing-of-personal-data
-
Derogations for specific situations Article 49 of the General Data Protection Regulation provides for derogations for specific situations. They are a last-resort basis for data transfer, only applicable in exceptional cases . The transfer of data ...https://tietosuoja.fi/en/derogations-for-specific-situations
-
Guidelines of the European Data Protection Board The European Data Protection Board (EDPB) is responsible for the uniform application of the EU's General Data Protection Regulation and the Data Protection Directive applying to police and criminal ...https://tietosuoja.fi/en/guidelines-of-the-european-data-protection-board
-
10.1.2019 | TIETOSUOJAVALTUUTETUN TOIMISTO TYÖELÄMÄN TIETOSUOJA NS. WHISTLEBLOWING- ILMIANTOJÄRJESTELMÄSSÄ __________________ 27.7.2010 Opas on päivitetty heinäkuussa 2010, eikä sen tietosuoja- asetuksen mukaisuutta ole arvioitu. Euroopan unionin yleistä tiet...https://tietosuoja.fi/documents/6927448/10594424/Ty%C3%B6el%C3%A4m%C3%A4n+tietosuoja+whistleblowing/bb8c71db-4caa-a55c-5665-f8cd7e35e869?t=1547102780000
-
Disclosures of data Personal data is disclosed to service providers that supply IT services to the Office of the Data Protection Ombudsman. These providers process personal data on behalf of the Office and are not permitted to process the data for...https://tietosuoja.fi/en/disclosure-of-data
-
For the media Interview requests Media representatives may contact the Office of the Data Protection Ombudsman’s communications to arrange a suitable interview time. Communications can be reached by media representatives during office hours. Commu...https://tietosuoja.fi/en/for-the-media
-
Processing of matters within our competence Processing of personal data in connection with the processing of cases falling within our competence Cases instituted with the Office of the Data Protection Ombudsman are logged in the Office's case mana...https://tietosuoja.fi/en/processing-of-matters-within-our-competence
-
Impact assessment Impact assessments are designed to identify, evaluate and control risks involved in the processing of personal data. They are designed to be a continuous process for identifying and controlling risks. Impact assessments must be c...https://tietosuoja.fi/en/impact-assessments