Insights | August 27, 2021

GDPR & non-compliance: Sanctions imposed by the Finnish DPA

The role of national data protection authorities in overseeing the implementation of the European Union's Data Protection Regulation (GDPR) by imposing fines for non-compliance has proven to be one of the most attention-catching features of national GDPR implementation. The most recent example is the fine imposed on Amazon EU by the Luxembourg National Commission for Data Protection. In this article, we look at the cases where administrative fines for non-compliance have been imposed in Finland.

The fine of EUR 746 million against Amazon EU, headquartered in Luxembourg, was imposed on 16 July 2021. It is considered to be by far the biggest fine imposed on a company under the GDPR and is a prime example of the power of national data protection authorities in overseeing the implementation of the GDPR.

We are often asked about the enforcement landscape in the Nordics. We outline below the enforcement trends of the Finnish Data Protection Ombudsman by describing some of the Finnish national enforcement decisions and giving an overview of the sanctions imposed.

Please find the whole article, written by Associate Trainees Suvituuli Heikkinen, Johanna Parkkinen and Jennika Sucksdorff, below.