Haku

21.5.2026 | Eduskuntapuolueille lähetettiin 19. toukokuuta kysely, jolla selvitetään, miten henkilötietojen käsittelyn avoimuutta koskevat velvoitteet on huomioitu puolueiden toiminnassa.

19.3.2026 | Euroopan tietosuojaviranomaiset selvittävät tänä vuonna, kuinka organisaatiot noudattavat läpinäkyvyyttä ja avoimuutta koskevia velvoitteitaan henkilötietojen käsittelyssä. Yhteinen selvitys toteutetaan 25 maassa eri puolilla Eurooppaa.

Lawfulness, fairness and transparency The processing of personal data shall be lawful, fair and transparent. Lawfulness The processing of personal data must be done in compliance with the EU’s General Data Protection Regulation and other legislati...

19.3.2026 | This year, European data protection authorities will investigate how well organisations comply with the transparency and information obligations related to personal data processing. Data protection authorities from 25 countries across Europe will take part in the action.

Regulation on political advertising and the powers of the Data Protection Ombudsman The EU regulation on the transparency and targeting of political advertising sets out rules on how political advertising may be targeted. The Data Protection Ombud...

The Digital Services Act and powers of the Data Protection Ombudsman in the monitoring of online platforms The EU Digital Services Act (DSA) imposes obligations on digital service providers, such as online platforms, to improve the transparency an...

3.2.2026 | Högsta förvaltningsdomstolen upphävde i december dataombudsmannens och förvaltningsdomstolens avgöranden om behandlingen av uppgifter om försäkrings-sökandens hälsa. Högsta förvaltningsdomstolen anser att försäkringsbolagen får behandla hälsouppgifter direkt med stöd av dataskyddslagen då en person ansöker om en frivillig försäkring. Dataombudsmannen påminner om att behandlingen av hälsouppgifter ska vara förutsägbar och transparent för försäkringssökanden.

Inform data subjects about processing The requirements of the notification practices for controllers the requirements are laid down in the GDPR. The Office of the Data Protection Ombudsman urges industries to create shared notification practices a...

Data protection principles The data protection principles must always be observed when processing personal data . The controller must also be able to demonstrate the effective implementation of the data protection principles in the processing of p...

Frequently asked questions about the Digital Services Act (DSA) What kinds of operators are subject to the DSA's obligations? The obligations imposed by the Digital Services Act (DSA) apply to all online services, referred to as 'intermediary serv...

We promote responsibility in the digital environment The Office of the Data Protection Ombudsman safeguards the rights and freedoms of individuals with regard to the processing of personal data. We build awareness of the rights, duties and opportu...

EU digital and data regulation The EU's digital and data regulation facilitate the movement of data within the EU, create clear and fair rules for data use and promote compliance with privacy, data protection and competition rules. Digital and dat...

Purpose limitation The purpose of processing personal data must be planned and defined clearly before the start of processing. Personal data may only be collected and processed for a specific and lawful purpose. The data may not be processed in a ...

The right to obtain information on the processing of personal data Data subjects have the right to be informed of the collection and processing of their personal data. The processing of personal data shall be done in a transparent manner. Data sub...

Roles and responsibilities for processing personal data in scientific research A research project can involve a variety of parties in different roles. Personal data may be processed for research purposes by one or more research organizations, pers...

Current issues Supreme Administrative Court upholds the administrative fine imposed on Verkkokauppa.com for data protection violations Publication date: 12.6.2026 Deputy Data Protection Ombudsman: individuals must be able to access their credit in...

Rätten att få information om behandlingen av personuppgifter En registrerad har rätt att få information om insamling och behandling av hans eller hennes personuppgifter. Behandlingen av personuppgifter ska vara transparent. En registrerad ska info...

Defining the research scheme and purpose for processing personal data Processing personal data for purposes of scientific research must comply with the requirement of purpose limitation. The purpose of processing personal data must be planned and ...

Controller's legitimate interests The processing of personal data can sometimes be justified due to the legitimate interests of the controller or a third party. The use of legitimate interests as a basis for processing requires particularly carefu...

Berätta om behandlingen för den registrerade Kraven för informationspraxis för personuppgiftsansvariga fastställs i den allmänna dataskyddsförordningen. Dataombudsmannens byrå uppmuntrar de olika branscherna att skapa gemensam informationspraxis t...