Sök

Contact information Office of the Data Protection Ombudsman Street address: Lintulahdenkuja 4, 00530 Helsinki Postal address: PL 800, 00531 Helsinki, Finland Switchboard : +358 29 566 6700 Registry: +358 29 566 6768 E-mail (registry): tietosuoja(a...

Inform data subjects about processing The requirements of the notification practices for controllers the requirements are laid down in the GDPR. The Office of the Data Protection Ombudsman urges industries to create shared notification practices a...

When your personal data are processed in the Schengen Information System or the Visa Information System The Schengen Information System (SIS) and the joint Visa Information System (VIS) of the EU countries are information exchange systems used as ...

Frequently asked questions about information systems Can the customer of the company be entitled to log data by virtue of the right of access? Article 15 of the General Data Protection Regulation provides for the data subject's right of access to ...

30.3.2026 | The Deputy Data Protection Ombudsman has determined that the credit information company Dun & Bradstreet Finland’s practice of allowing individuals to only check their credit information for free once per year is not compliant with data protection legislation. Several deficiencies were also found in the company’s practices for responding to personal data requests.

Frequently asked questions about direct marketing Electronic direct marketing includes direct marketing via automated calling systems, as well as direct marketing implemented using email, text, sound, voice or picture messages. Traditional direct ...

Frequently asked questions about banking Are banks permitted to copy my ID? Yes. Banks have a statutory obligation to know and identify their customers. Among other things, this means that the bank must verify the customer’s identity in a reliable...

Frequently asked questions on data protection and the coronavirus What does health data mean? Health data refers to information about an individual’s health, diseases, disability or treatment. Health data belongs to the special categories of perso...

Frequently asked questions about personal identity code Is it permitted to ask for the personal identity code when a guest checks into a hotel? Yes. According to the Act on Accommodation and Food Service Activities (308/2006), an accommodation pro...

Right to inspect the data processed by a competent authority The competent authority is required to tell you whether it is processing personal data concerning you. You have the right to inspect which of your personal data different controllers are...

Processors A processor is an individual or an organisation that processes personal data on behalf of a controller. Processors operate according to the controller’s instructions and under its supervision. The controller determines the purposes and ...

Frequently asked questions about phone calls Are individuals allowed to record their own telephone conversations? Citizens have the right to record telephone calls in which they are the caller or receiver. Finland’s Constitution gives the right to...

Have you misplaced personal data? This page provides instructions on what to do if your personal data has been lost, stolen or acquired with a phishing message. Act fast especially if: you have lost payment card details or your online bank ID and ...

Storage limitation Personal data may only be stored for as long as necessary for the purposes of processing. The controller must plan and be able to justify the storage time of the personal data. The storage times of personal data must also be doc...

Controller's record of processing activities The obligation to draw up a record of processing activities applies to all organisations with more than 250 employees. Smaller organisations are also required to draw up the record if the personal data ...

Automated decision-making and profiling What does profiling mean? Profiling means the automated processing of personal data for evaluating the personal aspects of an individual. In particular, profiling refers to the analysis or prediction of aspe...

In the description of public access to documents, we describe what kind of information the Office of the Data Protection Ombudsman stores and how you can request information for yourself.

If you want to have your data rectified You have the right to demand the rectification of inaccurate personal data concerning you. The accuracy of your personal data is a part of your legal protection. You have the right to be evaluated on the bas...

If you would like to have your data erased In certain situations, you have the right to request the controller to erase the personal data concerning you. Personal data refers to information by which you can be identified. A company, authority or c...

Have you been affected by a personal data breach? This page contains instructions for people who have been affected by a personal data breach. If you have been affected by a personal data breach, first check what data about you could have been dis...