Annual Report of the Finish Data Protection Authority

The Finnish data protection authority (the Office of the Data Protection Ombudsman) has recently published its annual reports on May 17^th 2019.[1] This short article summarizes the most interesting fact regarding the English summary report.

Major Focus Points of the Finnish Data Protection Authority

The authority plans to focus until 2020

on the data subject’s rights,
the implementation of the GDPR into national laws,
preventive measures to avoid data breaches,
awareness promotion and
the promotion of the single digital market.

The Finnish Authority in Numbers

The most interesting numbers deriving from the summery of the report constitute the following:

The authority registered around 10.00 cases in 2018 (around 4000 in 2017).
The average processing time required 40 days according to the annual report.
850 cases involved the rights of the data subjects (560 were resolved in 2018).
106 cross-boarder matters concerned the Finnish data protection authority as supervisory authority in 2018, but only 5 matters required the authority to as lead supervisory authority.

The Finnish Blacklist of processing operations requiring a data privacy impact assessment

The Finnish authority has published its blacklist on data processing activities requiring a data privacy impact assessment pursuant to art. 35 of the GDPR.[2] As one of the last data protection authorities this list had been updated December 21 2018.

Conclusion

In difference to the Swedish data protection authority, Datainspektionen which has published in 2019 National Privacy Report[3] , the Finnish authority aims to reach out to an English-speaking audience. Though the numbers are relatively small in comparison with other EU data protection authorities, the authorities’ transparency and aim to support and assess organization’s GDPR compliance are recognizable. Interestingly is that the authority has even published information regarding the time to solve matters which is quite short in comparison with other authorities.

[1] English summary: https://tietosuoja.fi/documents/6927448/10717840/Annual+Report+2018.pdf/2cd8a0d3-2241-5c43-a68e-f35f74a40a1b/Annual+Report+2018.pdf.pdf; press release available in Finnish only: https://tietosuoja.fi/artikkeli/-/asset_publisher/tietosuojavaltuutetun-toimiston-toimintakertomus-2018-asiamaarat-2-5-kertaistuivat-tietoisuus-tietosuojaoikeuksista-kasvussa; report available in Finnish only: https://tietosuoja.fi/documents/6927448/10717840/TSV+toimintakertomus+2018.pdf/5749986b-ec7a-9bbd-ad30-047827aa103e/TSV+toimintakertomus+2018.pdf.pdf.

[2] English list available: https://tietosuoja.fi/en/list-of-processing-operations-which-require-dpia

[3] Available in Swedish only: https://www.datainspektionen.se/globalassets/dokument/rapporter/nationell-integritetsrapport-2019.pdf

Stefanie Wojak | 30. Mai 2019 | Aufsichtsbehörden, Datenschutz-Grundverordnung, Internationaler Datenschutz | Data Protection Authority, English Posts, Finnland