Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Finland: Ombudsman publishes DPO guidance

On June 18, 2024, the Office of the Data Protection Ombudsman (the Ombudsman) announced the publication of instructions for organizations that appoint a data protection officer (DPO). The Ombudsman highlighted that the DPO is meant to be an independent position with sufficient resources and cannot be fired or punished for handling personal data protection tasks. The Ombudsman also mentioned that a DPO should:

  • have access to sufficient resources to carry out tasks and have access to training;
  • be involved from an early stage in addressing data protection issues;
  • have access to all relevant information so they may give appropriate advice;
  • be present when decisions affecting data protection are taken;
  • have clearly defined and written responsibilities that are communicated to the organization's staff; and
  • report directly to senior management and be invited to regular senior or middle management meetings.

The Ombudsman also mentioned that the DPO must be independent and have no conflict of interest with their duties. The Ombudsman stated that the determination for purposes and means of processing personal data must remain with the controller and not become the responsibility of the DPO.

You can read the press release here and the guidance here, both only available in Finnish.