| Tietosuojavaltuutettu | |
| Agency overview | |
|---|---|
| Formed | 1987 |
| Jurisdiction | Finland |
| Agency executive |
|
| Parent agency | Ministry of Justice |
| Website | tietosuoja.fi |
The Data Protection Ombudsman (Finnish : Tietosuojavaltuutettu, Swedish : Dataombudsmannen) is a Finnish government agency responsible for monitoring compliance with data protection legislation and other laws related to the processing of personal data. The ombudsman has the authority to issue orders concerning the rights of data subjects and other issues related to personal data processing. Additionally, the ombudsman, together with two deputy data protection ombudsmen, forms the sanctions board, which has the power to impose administrative fines for violations of the EU General Data Protection Regulation (GDPR).
The Data Protection Ombudsman's Office operates under the jurisdiction of the Ministry of Justice but functions independently in carrying out its duties and exercising its powers. [1] [2]
The office of the Data Protection Ombudsman was established in 1987. [3]
From 1997 to 2020, Reijo Aarnio served as Finland's long-term Data Protection Ombudsman. [4] He was appointed to three additional five-year terms and a final extension in 2017, which lasted until October 2020. [5]
Since November 1, 2020, the position has been held by Anu Talus. [6]
At the European Union level, a separate European Data Protection Supervisor has existed since 2001. [7]
In 2018, the European Data Protection Board was established to ensure uniform application of data protection laws across EU member states. The board includes representatives from all national data protection authorities and the European Data Protection Supervisor. [8]
The duties of the Data Protection Ombudsman are defined in the EU GDPR and Finland's national data protection legislation.
The ombudsman is responsible for handling and resolving data protection issues in accordance with applicable laws. The office also promotes awareness of data protection rights and obligations, issues statements on legislative proposals, and cooperates with other European data protection authorities, representing Finland in the European Data Protection Board. [1]
The sanctions board, consisting of the ombudsman and two deputies, is responsible for imposing administrative fines for serious data protection violations under the GDPR. [9]
In Finland, all companies and authorities are required to provide individuals with access to their personal data upon request. If the data contains errors, they must be corrected. Under certain circumstances, individuals may also request data deletion. [10]
If a request for access is denied or incorrect data is not corrected, individuals can seek assistance from the Data Protection Ombudsman. If an organization refuses to provide the requested data, it must state the legal grounds for its decision. [11]
In certain exceptional cases, such as police confidential registers, where individuals do not have direct access rights, the Data Protection Ombudsman can review the data's legality on their behalf.