Data breach notification to Office of the Data Protection Ombudsman
- Service
- Nationwide except the Åland Islands
- Public service
If a personal data breach can cause a risk to the rights and freedoms of natural persons, the supervisory authority must be notified.
The controller must assess the level of risk caused by the personal data breach to the individuals concerned. The level of risk determines the measures required from the controller. The risks can be assessed at three levels:
- no risk,
- risk or
- high risk.
If ...
Do the following
Include a description of the data breach, how it occurred, the cause of the breach, a timeline, the data that was breached, and the consequences for the data subjects. Describe also measures in place before the breach and measures taken to address the breach.
If all the information is not available, you can submit a preliminary report and complete it later with a supplementary report. You can also provide an approximate number of personal data records and individuals concerned by the breach if the exact number is not known.
Please do not use the form to send sensitive or confidential information (e.g. information concerning health). You can send such information separately by using Ministry of Justice's secure e-mail system.