Search

Archive On this page, you will find the annual reports of the Office of the Data Protection Ombudsman from previous years. Annual Report of the Office of the Data Protection Ombudsman 2023 (pdf) Annual Report of the Office of the Data Protection O...

Duties of the Data Protection Ombudsman supervising compliance with data protection legislation and other laws concerning the processing of personal data promoting awareness of the risks, rules, safeguards, obligations and rights related to the pr...

Frequently asked questions about Data Protection Officers More information about data protection officers and instructions for organisations and managers that have designated a data protection officer Do the Data Protection Officer's name and cont...

Annual report 2024 The Office of the Data Protection Ombudsman safeguards the rights and freedoms of individuals with regard to the processing of personal data The Office of the Data Protection Ombudsman is an autonomous and independent authority ...

25.2.2025 | The EU's Digital Services Act imposes obligations on digital service providers to improve the transparency and security of their services. Last year, authorities in Finland received nearly 80 complaints about suspected breaches of the Digital Services Act, and the EU Commission has launched several investigations into digital waste. The act, which improves users' rights, has been fully in force for one year as of February 2025.

Have you misplaced personal data? This page provides instructions on what to do if your personal data has been lost, stolen or acquired with a phishing message. Act fast especially if: you have lost payment card details or your online bank ID and ...

Have you been affected by a personal data breach? This page contains instructions for people who have been affected by a personal data breach. If you have been affected by a personal data breach, first check what data about you could have been dis...

25.6.2025 | ANNUAL REPORT OF THE OFFICE OF THE DATA PROTECTION OMBUDSMAN OF FINLAND 2024 ANNUAL REPORT OF THE OFFICE OF THE DATA PROTECTION OMBUDSMAN OF FINLAND 2024 3 Contents The Office of the Data Protection Ombudsman safeguards the rights and freedoms of ...

Transfers on the basis of an adequacy decision Personal data can be transferred out of the European Union and European Economic Area if the European Commission has issued a decision on an adequate level of protection for personal data (‘adequacy d...

Frequently asked questions regarding the adequacy decision concerning data protection in the United States For organisations What does the adequacy decision concerning the United States mean? The European Commission's decision on the adequacy of d...

Data protection officers A data protection officer is an expert within the organisation, who monitors the processing of personal data and provides advice on compliance with data protection regulations. The data protection officer monitors complian...

When is the processing of personal data permitted? Legal bases for processing personal data The processing of personal data always requires a legal basis, which must be determined before the start of processing. Once the processing of personal dat...

Processors’ responsibilities Processors are governed by the General Data Protection Regulation if they are established in an EU Member State they are not established in an EU Member State but their personal data processing activities relate to the...

Data breach notification Purpose of processing If a personal data breach can cause a risk to the rights and freedoms of natural persons, the supervisory authority must be notified. In Finland, the Office of the Data Protection Ombudsman functions ...

Personal data breaches What is a personal data breach? A personal data breach means an event leading to the destruction, loss, alteration or unauthorised disclosure of, or access to, personal data. Examples of personal data breaches include lost d...

Frequently asked questions about working life What personal data on employees and job applicants can an employer process? The employer may only process personal data that is directly necessary with regard to the employee's employment relationship,...

Frequently asked questions about the Digital Services Act (DSA) What kinds of operators are subject to the DSA's obligations? The obligations imposed by the Digital Services Act (DSA) apply to all online services, referred to as 'intermediary serv...

Frequently asked questions about elections On this page, you will find answers to frequently asked questions about election advertising and data protection. See also: Frequently asked questions about direct marketing Information on the EU regulati...

Designating a data protection officer A data protection officer must be designated if your organisation processes sensitive data on a large scale monitors individuals regularly, systematically and on a large scale or your organisation is a public ...

Supervision of codes of conduct The code of conduct must specify a mechanism for the effective monitoring of compliance with the code. Monitoring means ensuring that the controllers and processors committed to compliance with the code follow the p...