To get the best help for your situation, first answer the questions on the Preliminary questions page.
Data has been stolen or leaked from my organisation
- Preliminary questions
- Acute measures
- Post-hoc actions
Notify the authorities
Submit a notification of a personal data breach
Your organisation must notify the Office of the Data Protection Ombudsman of a personal data breach if the violation may cause a risk for the persons subject to the violation.
Inform the supervisory authority in your sector (NIS notification)
If your organisation is an operator or service provider critical for the security of supply, it must notify data security deviations in the network and information system to the supervisory authority in your sector (kyberturvallisuuskeskus.fi)Opens in a new window.. Sectors with a notification obligation are
If you suspect an offence, report it
For example, if you have been subjected to fraud, a data breach or blackmail,
Report the offence in the electronic service of the police. If the situation is urgent (e.g., money has been taken from the accounts of your organisation), report an offence straight away at your nearest police station.
Submit a notification of data security violation to the National Cyber Security Centre
Notify the National Cyber Security Centre of the Finnish Transport and Communications Agency Traficom of a data security violation such as phishing, data breach or attempts of them. The notification is not obligatory, but your organisation will receive help from the National Cyber Security Centre for investigating the data security violation.