Data protection

The General Data Protection Regulation of the European Union (2016/679) defines the principles of processing personal data.

‘Data protection’ refers to measures taken to protect an individual’s privacy during the processing of personal data. The City of Espoo has the responsibility to protect the personal data of its clients, personnel and stakeholders.

The purpose of data protection is to ensure that personal data is processed correctly and in a way that is compliant with legislation. This limits the likelihood of data misuse to a minimum. Data protection improves people’s trust in online services and makes it possible for the City of Espoo to benefit from the opportunities created by the digital economy in its operations.

Data protection is the self-evident cornerstone of the way the City of Espoo processes personal data:

  1. We have a clear overall view of the personal data we are storing and of the risks related to its processing.
  2. We only collect personal data if it is necessary for some pre-defined purpose, to enable the city to perform its duties and to develop its services.
  3. In Espoo, the entire lifecycle of personal data management and protection is systematic and transparent.
  4. We train our personnel regularly to ensure that they have the data protection knowledge they need in their work.
  5. We allow our clients to access their own personal data and provide them with extensive information about our personal data processing principles.
  6. We regularly assess the risks that that personal data processing poses to individual persons’ rights and freedoms.
  7. We ensure that our contractual partners fulfil at least the minimum data protection principles laid down in the applicable legislation.

Further information about the cookies used on

Further information about data protection

Office of the Data Protection Ombudsman

General Data Protection Regulation of the European Union