In Finland, the authority supervising the processing of personal data is the Office of the Data Protection Ombudsman. Two Deputy Data Protection Ombudsmen will be appointed alongside the current Data Protection Ombudsman, Reijo Aarnio. In addition, the Office of the Data Protection Ombudsman is recruiting eight Senior Inspectors. Thus, it is noticeable that also the supervisory authority is preparing to exercise the powers appointed to them by the GDPR and the act on data protection, such as the power to impose administrative fines or even prohibit the processing of personal data in situations where the processing is contrary to the GDPR.
In many countries, the data protection authorities have already taken actions. In the UK, the Information Commissioner’s Office (ICO) issued a £500,000 fine to Facebook for serious data protection breaches. The ICO considered that the consent provided by Facebook users was not sufficiently clear or well-informed, and that the personal data of users who had not given their explicit consent had also been unlawfully processed. In Germany, the Data Protection Authority imposed a fine of €20,000 to a company whose customers’ usernames and passwords were stolen and published. The Data Protection Authority announced that the size of the fine was positively influenced by the company’s active cooperation with the authority. In Sweden, the Data Protection Authority carried out an inspection to nearly 400 companies and authorities. As the national act comes into force and the Office of the Data Protection Ombudsman obtains additional resources, the Finnish data protection authority is also expected to become more active.