Sök

Safeguards to supplement transfer tools The level of protection for personal data must be essentially equivalent to that guaranteed within the EU when transferring data to international organisations and third countries outside the European Econom...

Transfer of data abroad Research is an international activity, and a need to transfer personal data out of Finland may arise during a project. There is legislation to ensure that the level of data protection does not deteriorate even if a research...

When your personal data are processed in the Schengen Information System or the Visa Information System The Schengen Information System (SIS) and the joint Visa Information System (VIS) of the EU countries are information exchange systems used as ...

Transfers on the basis of an adequacy decision Personal data can be transferred out of the European Union and European Economic Area if the European Commission has issued a decision on an adequate level of protection for personal data (‘adequacy d...

Derogations for specific situations Article 49 of the General Data Protection Regulation provides for derogations for specific situations. They are a last-resort basis for data transfer, only applicable in exceptional cases . The transfer of data ...

Transfer bases for authorities and the public sector Authorities and public organisations can transfer personal data to international organisations or the public bodies of third countries based on a European Commission decision on the adequacy of ...

When is the processing of personal data permitted? Legal bases for processing personal data The processing of personal data always requires a legal basis, which must be determined before the start of processing. Once the processing of personal dat...

Processor's record of processing activities Organisations are obligated to draw up a written description of their personal data processing. This description is called a record of processing activities. The obligation to draw up a record of process...

Controller's record of processing activities The obligation to draw up a record of processing activities applies to all organisations with more than 250 employees. Smaller organisations are also required to draw up the record if the personal data ...

19.3.2026 | This year, European data protection authorities will investigate how well organisations comply with the transparency and information obligations related to personal data processing. Data protection authorities from 25 countries across Europe will take part in the action.

Annual report 2024 The Office of the Data Protection Ombudsman safeguards the rights and freedoms of individuals with regard to the processing of personal data The Office of the Data Protection Ombudsman is an autonomous and independent authority ...

Right of access Data subjects have the right to receive confirmation from the controller on whether or not the controller is processing personal data that concerns them. The data subjects thus have the opportunity to evaluate and ensure the legali...

5.3.2025 | This year, the European data protection authorities will examine how organisations are exercising the right of individuals to have their personal data erased. Thirty-two data protection supervisory authorities from across Europe are participating in the joint inquiry. The Office of the Data Protection Ombudsman will investigate the situation in Finland through an anonymous survey of data controllers.

25.6.2025 | ANNUAL REPORT OF THE OFFICE OF THE DATA PROTECTION OMBUDSMAN OF FINLAND 2024 ANNUAL REPORT OF THE OFFICE OF THE DATA PROTECTION OMBUDSMAN OF FINLAND 2024 3 Contents The Office of the Data Protection Ombudsman safeguards the rights and freedoms of ...

17.1.2023 | The Deputy Data Protection Ombudsman has issued a reprimand to the libraries of the cities of Helsinki, Espoo, Vantaa and Kauniainen for infringements of data protection legislation in the processing of personal data. The websites of the Capital Region's Helmet libraries have used tracking technologies that may have conveyed data on, for example, the books and other materials searched for by users to third parties. Personal data has also been unlawfully transferred to the United States.

19.5.2023 | Page 1 of 16 Adopted - After public consultation Guidelines 04/2021 on Codes of Conduct as tools for transfers Version 2.0 Adopted on 22 February 2022 Page 2 of 16 Adopted - After public consultation Version history Version 2.0 22 February 2022 Ad...

31.7.2023 | ANNUAL REPORT OF THE OFFICE OF THE DATA PROTECTION OMBUDSMAN 2022 ANNUAL REPORT OF THE OFFICE OF THE DATA PROTECTION OMBUDSMAN 2022 3 Contents The Office of the Data Protection Ombudsman safeguards the rights and freedoms of individuals with regar...

7.12.2022 | ANNUAL REPORT OF THE OFFICE OF THE DATA PROTECTION OMBUDSMAN 2021 2 ANNUAL REPORT OF THE OFFICE OF THE DATA PROTECTION OMBUDSMAN 2021 3 Contents The Office of the Data Protection Ombudsman safeguards the rights and freedoms of individuals with reg...

24.9.2019 | ARTICLE 29 DATA PROTECTION WORKING PARTY This Working Party was set up under Article 29 of Directive 95/46/EC. It is an independent European advisory body on data protection and privacy. Its tasks are described in Article 30 of Directive 95/46/EC ...

27.9.2021 | ANNUAL REPORT OF THE OFFICE OF THE DATA PROTECTION OMBUDSMAN 2020 2 ANNUAL REPORT OF THE OFFICE OF THE DATA PROTECTION OMBUDSMAN 2020 3 Contents The Office of the Data Protection Ombudsman safeguards the rights and freedoms of individuals with reg...