Sök

Have you misplaced personal data? This page provides instructions on what to do if your personal data has been lost, stolen or acquired with a phishing message. Act fast especially if: you have lost payment card details or your online bank ID and ...

Have you been affected by a personal data breach? This page contains instructions for people who have been affected by a personal data breach. If you have been affected by a personal data breach, first check what data about you could have been dis...

Frequently asked questions about Data Protection Officers More information about data protection officers and instructions for organisations and managers that have designated a data protection officer Do the Data Protection Officer's name and cont...

Data protection officers A data protection officer is an expert within the organisation, who monitors the processing of personal data and provides advice on compliance with data protection regulations. The data protection officer monitors complian...

Processors’ responsibilities Processors are governed by the General Data Protection Regulation if they are established in an EU Member State they are not established in an EU Member State but their personal data processing activities relate to the...

Roles and responsibilities for processing personal data in scientific research A research project can involve a variety of parties in different roles. Personal data may be processed for research purposes by one or more research organizations, pers...

Transfer bases for authorities and the public sector Authorities and public organisations can transfer personal data to international organisations or the public bodies of third countries based on a European Commission decision on the adequacy of ...

Processors A processor is an individual or an organisation that processes personal data on behalf of a controller. Processors operate according to the controller’s instructions and under its supervision. The controller determines the purposes and ...

Accountability in scientific research The controller must be prepared to demonstrate that data protection regulations have been taken into account in the study. Researchers must document the implementation of data-protection principles and other p...

Contact information Office of the Data Protection Ombudsman Street address: Lintulahdenkuja 4, 00530 Helsinki Postal address: PL 800, 00531 Helsinki, Finland Switchboard : +358 29 566 6700 Registry: +358 29 566 6768 E-mail (registry): tietosuoja(a...

Submitting job applications Processing of personal data related to the job application process We publish information on open positions in the Valtiolle.fi service, which is the primary channel for submitting job applications. Through the Valtioll...

Data Protection Officer of the Office of the Data Protection Ombudsman The Data Protection Officer of the Office of the Data Protection Ombudsman acts as a contact person when the Office of the Data Protection Ombudsman processes your personal dat...

Visiting the Office of the Data Protection Ombudsman Instituting a case Our website contains electronic forms for instituting cases falling within the competence of the data protection authorities ( read more on our office’s electronic services )....

Electronic services at the Office of the Data Protection Ombudsman Instituting a case electronically The Office of the Data Protection Ombudsman uses electronic forms implemented with the Government ICT Centre's (Valtori) Turvalomake (Secure Form)...

Record of processing activities Record of processing activities is a written description of organisations personal data processing. The obligation to draw up a record of processing activities applies to all organisations with more than 250 employe...

Frequently asked questions about elections On this page, you will find answers to frequently asked questions about election advertising and data protection. See also: Frequently asked questions about direct marketing Information on the EU regulati...

Risk assessment and data protection planning Controllers have a responsibility to assess the risks relating to the processing of personal data every time they are about to process personal data. A risk assessment allows controllers to plan the ste...

Standard clauses adopted by the Commission Personal data can also be transferred out of the EU and EEA under the standard contractual clauses (SCC) adopted by the Commission. A transition period set for the adoption of the updated standard clauses...

Codes of Conduct Codes of conduct are sector-specific guidelines on the application of data protection legislation. They are intended to help organisations comply with data protection requirements with concrete and practical instructions. By commi...

Lifespan of personal data processing, data protection principles and the protection of data in scientific research If processing of personal data is necessary for the implementation of the study, the lifespan of the processing must be planned from...