Privacy Laws

Finland's data protection in comparison to the GDPR

The flag of FInland with the sea and coastline in the background. — © Artem / stock.adobe.com | #503167353

General overview

Finland is a member of the European Union and, as such, is subject to the General Data Protection Regulation (GDPR) that came into effect on May 25, 2018. The primary regulatory body overseeing data protection in Finland is the Office of the Data Protection Ombudsman. The GDPR serves as the overarching framework for data protection, but Finland also has its own national legislation, known as the Data Protection Act, to supplement the GDPR

GDPR opening clauses

Finland has adopted the GDPR into its national law and has also enacted the Data Protection Act to ensure the effective implementation of the GDPR. This act provides additional guidelines and clarifications, particularly in areas where the GDPR allows for national discretion.

Key differences and national specifics

Data Protection Ombudsman: Finland has a Data Protection Ombudsman, an independent authority that supervises compliance with data protection laws.
Sector-specific laws: Finland has sector-specific laws that address data protection in areas like healthcare and telecommunications.
Age of consent: In Finland, the age of consent for data processing is 13 years, which is lower than the GDPR standard of 16 years.
Employee data: Finland has specific provisions concerning the processing of employee data, which employers must adhere to.
Data breach notifications: The Data Protection Act in Finland specifies that data breaches must be reported to the Data Protection Ombudsman within 24 hours, which is stricter than the GDPR requirement of 72 hours.

Conclusion

Finland has a robust data protection framework that aligns closely with the GDPR. The country has also enacted national laws to provide additional context and clarification, making it imperative for businesses and individuals to be aware of these specifics when operating in Finland.

Write email

Group	external media
Name	Calendly
Technical name	_cf_bm,__cfruid,OptanonConsent
Provider	Calendly LLC
Expire in days	365
Privacy policy	https://calendly.com/privacy
Use	To arrange appointments via the provider Calendly.
Allowed
Group	essential
Name	Contao CSRF Token
Technical name	csrf_contao_csrf_token
Provider	Contao
Expire in days	0
Privacy policy
Use	Serves to protect the website from being falsified by cross-site requests. The cookie is deleted again after the browser is closed.
Allowed
Name	Contao HTTPS CSRF Token
Technical name	csrf_https_contao_csrf_token
Provider	Contao
Expire in days	0
Privacy policy
Use	Used to protect the encrypted website (HTTPS) from being falsified by cross-site requests. The cookie is deleted again after the browser is closed.
Allowed
Name	PHP SESSION ID
Technical name	PHPSESSID
Provider	Contao
Expire in days	0
Privacy policy
Use	Cookie from PHP (programming language), PHP data identifier. Contains only a reference to the current session. No information is stored in the user's browser and this cookie can only be used by the current website. This cookie is mainly used in forms to increase user-friendliness. Data entered in forms is stored for a short time, for example, if the user makes an input error and receives an error message. Otherwise, all data would have to be entered again.
Allowed
Name	FE USER AUTH
Technical name	FE_USER_AUTH
Provider	Contao
Expire in days	0
Privacy policy
Use	Saves a visitor's information as soon as they log in to the frontend.
Allowed