Search
- Fess search
-
List compiled by the Office of the Data Protection Ombudsman of processing operations which require data protection impact assessment (DPIA) Updated 21.12.2018 Article 35 (1) GDPR requires a DPIA when the processing activity is likely to result in...https://tietosuoja.fi/en/list-of-processing-operations-which-require-dpia
-
Frequently asked questions about mobile location Why do telecommunications companies process location data? Thanks to communications networks, users are available wherever they are. In order to create a connection between the caller and recipient ...https://tietosuoja.fi/en/faq-mobile-location
-
Telephone guidance Our telephone guidance service provides general guidance and support in matters involving data protection and lets you know if the case requires more detailed investigation and processing at our Office. In the first instance, tr...https://tietosuoja.fi/en/telephone-guidance
-
Roles and responsibilities for processing personal data in scientific research A research project can involve a variety of parties in different roles. Personal data may be processed for research purposes by one or more research organizations, pers...https://tietosuoja.fi/en/roles-and-responsibilities-for-processing-personal-data
-
Carrying out an impact assessment 1. Draw up a systematic description of the envisaged processing operations and the purposes of the processing Draw up a description of the nature, scope, context and purposes of the processing of personal data. Id...https://tietosuoja.fi/en/carrying-out-an-impact-assessment
-
Notification to the Data Protection Ombudsman Concerning your rights Data protection rights help you manage your data. If you would like to exercise your rights, first contact the company or organisation that is processing your data, i.e. the cont...https://tietosuoja.fi/en/notification-to-the-data-protection-ombudsman
-
Controller's legitimate interests The processing of personal data can sometimes be justified due to the legitimate interests of the controller or a third party. The use of legitimate interests as a basis for processing requires particularly carefu...https://tietosuoja.fi/en/controller-s-legitimate-interests
-
Right to object In certain situations, the data subject has the right to object to the processing of his or her personal data, that is, request the controller not to process it at all. If the data is processed for the performance of a task carried...https://tietosuoja.fi/en/right-to-object
-
Controller's record of processing activities The obligation to draw up a record of processing activities applies to all organisations with more than 250 employees. Smaller organisations are also required to draw up the record if the personal data ...https://tietosuoja.fi/en/controller-s-record-of-processing-activities
-
Lifespan of personal data processing, data protection principles and the protection of data in scientific research If processing of personal data is necessary for the implementation of the study, the lifespan of the processing must be planned from...https://tietosuoja.fi/en/lifespan-of-personal-data-processing-data-protection-principles-and-the-protection-of-data
-
Derogations for specific situations Article 49 of the General Data Protection Regulation provides for derogations for specific situations. They are a last-resort basis for data transfer, only applicable in exceptional cases . The transfer of data ...https://tietosuoja.fi/en/derogations-for-specific-situations
-
Risk assessment and data protection planning Controllers have a responsibility to assess the risks relating to the processing of personal data every time they are about to process personal data. A risk assessment allows controllers to plan the ste...https://tietosuoja.fi/en/risk-assessment-and-data-protection-planning
-
Personal data breaches What is a personal data breach? A personal data breach means an event leading to the destruction, loss, alteration or unauthorised disclosure of, or access to, personal data. Examples of personal data breaches include lost d...https://tietosuoja.fi/en/personal-data-breaches
-
Demonstrate your compliance with data protection regulations Compliance with the provisions of the General Data Protection Regulation (GDPR) is required when processing personal data. Accountability means that the controller must be able to demons...https://tietosuoja.fi/en/accountability
-
Impact assessment Impact assessments are designed to identify, evaluate and control risks involved in the processing of personal data. They are designed to be a continuous process for identifying and controlling risks. Impact assessments must be c...https://tietosuoja.fi/en/impact-assessments
-
Right to restriction of processing The data subject can request the controller to restrict the processing of personal data concerning him or her. The restriction of processing means that, in addition to storage, the personal data subject to the re...https://tietosuoja.fi/en/right-to-restriction-of-processing
-
Purpose limitation The purpose of processing personal data must be planned and defined clearly before the start of processing. Personal data may only be collected and processed for a specific and lawful purpose. The data may not be processed in a ...https://tietosuoja.fi/en/purpose-limitation
-
Minimisation of personal data in scientific research The necessity of personal data for scientific research must be assessed at the earliest possible stage. Efforts must be made to minimise the processing of personal data. Both the amount and natu...https://tietosuoja.fi/en/minimisation-of-personal-data
-
Scientific research and data protection Taking care of data protection builds trust in research subjects and is a requirement for the success of any study. It is essential to plan the processing of personal data for its entire lifespan before the ...https://tietosuoja.fi/en/scientific-research-and-data-protection
-
Right of access Data subjects have the right to receive confirmation from the controller on whether or not the controller is processing personal data that concerns them. The data subjects thus have the opportunity to evaluate and ensure the legali...https://tietosuoja.fi/en/right-of-access