home
My favourites

GDPR

About the GDPR


Name: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

(Link to original text)

Type: Regulation.

Objective and key elements:

  • To harmonise rules across the EU and to protect the fundamental rights and freedoms of individuals relating to data protection in the EU
  • Covers the processing of personal data by entities operating within the EU and by entities outside the EU if they offer goods or services to individuals in the EU
  • The purpose of the GDPR is to give individuals more control over their personal data such as the rights to access and erasure of processed personal data
  • Encourages the implementation of data protection by design and by default for entities processing personal data (technical and organisational measures)
  • To establish instruments for international data transfers to non-EU countries based on adequacy decisions of the Commission (see more below)

Relevant to: Entities processing personal data and individuals whose personal data is processed.

Status: In force, applicable since 25 May 2018.
Documents:

  • Adequacy decisions of the Commission for data transfers to non-EU countries are available here

Guidance:

(Last updated 30 September 2024)

Implemented in Finland as: Tietosuojalaki 5.12.2018/1050 / Data Protection Act

Status: In force.

  • Please note that there is an ongoing statute drafting project in the Ministry of Justice for a Government proposal for the total reform of the Data Protection Act. The goal of the reform is to repeal provisions that interfere with the free movement of data or the use of cloud services or that otherwise hamper the providing of public services and to better take advantage of the national exemptions provided for in the GDPR. More information about the project is available here.
  • The period for submitting comments on an interim report mapping the national legislation, which can affect the movement of data and organising the providing of public services, ended on 31 August 2024. Comments are available here (in Finnish only).

Supervisory authority: The Data Protection Ombudsman

(Last updated 23 September 2024)