Search

Processors A processor is an individual or an organisation that processes personal data on behalf of a controller. Processors operate according to the controller’s instructions and under its supervision. The controller determines the purposes and ...

Impact assessment Impact assessments are designed to identify, evaluate and control risks involved in the processing of personal data. They are designed to be a continuous process for identifying and controlling risks. Impact assessments must be c...

Transfers on the basis of an adequacy decision Personal data can be transferred out of the European Union and European Economic Area if the European Commission has issued a decision on an adequate level of protection for personal data (‘adequacy d...

The Digital Services Act and powers of the Data Protection Ombudsman in the monitoring of online platforms The EU Digital Services Act (DSA) imposes obligations on digital service providers, such as online platforms, to improve the transparency an...

Frequently asked questions about the Digital Services Act (DSA) What kinds of operators are subject to the DSA's obligations? The obligations imposed by the Digital Services Act (DSA) apply to all online services, referred to as 'intermediary serv...

Contact information Office of the Data Protection Ombudsman Street address: Lintulahdenkuja 4, 00530 Helsinki Postal address: PL 800, 00531 Helsinki, Finland Switchboard : +358 29 566 6700 Registry: +358 29 566 6768 E-mail (registry): tietosuoja(a...

Processors’ responsibilities Processors are governed by the General Data Protection Regulation if they are established in an EU Member State they are not established in an EU Member State but their personal data processing activities relate to the...

Processing of the personal data of Data Protection Officers Controllers and processors must declare the contact details of their Data Protection Officers to our Office. The notification can be made with the form on our website or by providing the ...

In the description of public access to documents, we describe what kind of information the Office of the Data Protection Ombudsman stores and how you can request information for yourself.

Frequently asked questions on data protection and the coronavirus What does health data mean? Health data refers to information about an individual’s health, diseases, disability or treatment. Health data belongs to the special categories of perso...

Frequently asked questions about working life What personal data on employees and job applicants can an employer process? The employer may only process personal data that is directly necessary with regard to the employee's employment relationship,...

30.3.2026 | The Deputy Data Protection Ombudsman has determined that the credit information company Dun & Bradstreet Finland’s practice of allowing individuals to only check their credit information for free once per year is not compliant with data protection legislation. Several deficiencies were also found in the company’s practices for responding to personal data requests.

Annual report 2024 The Office of the Data Protection Ombudsman safeguards the rights and freedoms of individuals with regard to the processing of personal data The Office of the Data Protection Ombudsman is an autonomous and independent authority ...

12.1.2024 | Internet platforms and other digital services will have new obligations when the application of the EU's Digital Services Act begins on 17 February 2024. The purpose of the new Act is to reduce illegal content and increase the transparency of services.

25.6.2025 | ANNUAL REPORT OF THE OFFICE OF THE DATA PROTECTION OMBUDSMAN OF FINLAND 2024 ANNUAL REPORT OF THE OFFICE OF THE DATA PROTECTION OMBUDSMAN OF FINLAND 2024 3 Contents The Office of the Data Protection Ombudsman safeguards the rights and freedoms of ...

13.8.2024 | ANNUAL REPORT OF THE OFFICE OF THE DATA PROTECTION OMBUDSMAN 2023 ANNUAL REPORT OF THE OFFICE OF THE DATA PROTECTION OMBUDSMAN 2023 3 Contents The Office of the Data Protection Ombudsman safeguards the rights and freedoms of individuals with regar...

16.5.2019 | ANNUAL REPORT 2018 THE OFFICE OF THE DATA PROTECTION OMBUDSMAN 2 Data protection is a success factor The Office of the Data Protection Ombudsman safeguards the rights and freedoms of individuals with regard to the processing of personal data. For ...

31.7.2023 | ANNUAL REPORT OF THE OFFICE OF THE DATA PROTECTION OMBUDSMAN 2022 ANNUAL REPORT OF THE OFFICE OF THE DATA PROTECTION OMBUDSMAN 2022 3 Contents The Office of the Data Protection Ombudsman safeguards the rights and freedoms of individuals with regar...

16.10.2019 | 1 Adopted Guidelines 2/2019 on the processing of personal data under Article 6(1)(b) GDPR in the context of the provision of online services to data subjects Version 2.0 8 October 2019 2 Adopted Version history Version 2.0 8 October 2019 Adoption ...

31.5.2018 | ARTICLE 29 DATA PROTECTION WORKING PARTY This Working Party was set up under Article 29 of Directive 95/46/EC. It is an independent European advisory body on data protection and privacy. Its tasks are described in Article 30 of Directive 95/46/EC ...