First page >
Operation and Duties >
The Duties >
The Data Protection Ombudsman guides and controls the processing of personal data and provides related consultation. The Ombudsman exerts power in issues related to the implementation of the right of verification and the correction of personal data. The Ombudsman also follows the general development in the processing of personal data, launching initiatives if necessary. The Ombudsman sees to the distribution of information related to the field of operation and participates in international co-operation.
General Guidance and Consultation
The primary duty of the Data Protection Ombudsman is to influence, in advance, compliance with the legislation concerning the keeping of registers. The Office of the Ombudsman provides information on the Personal Data Act, aimed at both controllers and data subjects. Moreover, the in-house experts give lectures at seminars arranged both by the Office of the Data Protection Ombudsman and other organisations. Advice is also given by telephone. The guidance and consultation relating to various data system projects is a task field which is important and constantly growing.
Guidance towards the Compilation of the Codes of Conduct
The Personal Data Act emphasises the self-steering of register keeping. Controllers and communities representing them can compile field-specific Codes of Conduct for the application of the Act and for promoting good data processing practices. The Data Protection Ombudsman provides guidance and consultation in the compilation and review of the Codes of Conduct.
In addition to general guidance, the Data Protection Ombudsman provides controllers and data subjects with guidance and advice on request, and makes decisions pertaining to the compliance with legislation and implementation of the rights of data subjects. In matters concerning the implementation of the right of verification and the correction of personal data, the decisions of the Ombudsman are binding and subject to appeal.
Consultation and Statements for Authorities, Prosecutors and Courts of Law
The Data Protection Ombudsman must be heard in matters of preparation of legislative or administrative reforms concerning the protection of personal rights and freedoms in the processing of personal data. (Administrative reforms refer, for example, to organisational reforms influencing the processing of personal data). In practice, this means that the Ombudsman provides statements and participates in working groups set up for the preparation and review of legislation. The prerequisites of processing personal data must be taken into account as early as possible in the course of the preparation.
The public prosecutor must consult the Data Protection Ombudsman prior to bringing charges based on violations of the Personal Data Act. Courts of law are also obliged to provide the Ombudsman with an opportunity to be heard in cases concerning related issues. In both cases, the Ombudsman provides statements.
Supervision and Inspection
Supervision is carried out through controller’s statutory duty of notification, yet even notable exceptions may be accepted within the limits of the Data Protection Directive.
Inspections aim at assessing compliance with the law of data processing, guiding controllers, improving the standard of systems and preventing violations in advance.
Issued four times a year, the Tietosuoja magazine is published by the Office of the Data Protection Ombudsman and the Data Protection Board and is aimed at controllers in particular.
The website (www. tietosuoja.fi) for the Office of the Data Protection Ombudsman is another important channel for providing information and is frequently updated.
The Data Protection Ombudsman is a member of the consultative, independent working group of national Data Protection Ombudsmen provided for in the EU Data Protection Directive (Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the of personal data and on the free movement of such data). In addition, the Data Protection Ombudsman is a member of the joint supervisory bodies included in the Europol and the Schengen agreements.
Transfer to the Data Protection Board
If measures of guidance and advice have failed to remedy a given situation, the Data Protection Ombudsman may, in certain cases, bring an act of violation to the consideration of the Data Protection Board.