Privacy services

Have you identified the processes handling personal information? How about the systems in which the information is stored? How do you manage personal data in outsourced information systems?

The Finnish Personal Data Act and EU’s forthcoming General Data Protection Regulation (GDPR) define that organizations have an obligation to protect personal information against unauthorized use. With Nixu's privacy services, you can ensure that personal information is handled according to laws and regulations, while minimizing information-related risks. Nixu can also help you to prepare a privacy policy as well as descriptions of file. 

Evaluating privacy

Evaluating privacy only from the legal point of view is not enough. Instead, compliant privacy protection practices require a comprehensive understanding of the current state of privacy practices and the life cycle of personal information in the organization. Our experts assess your organization’s current privacy protection status from management, technical and legal points of view. If necessary, we will also utilize privacy lawyers in the provision of our services.  
Nixu Privacy Health Check
A quick analysis of the current state of privacy in your organization and your organization's capabilities to respond to privacy related requirements.
Personal Data Mapping
Nixu Personal Data Mapping project helps your organization to identify e.g.:
  • What personal information is collected?
  • Who can access personal information?
  • Where personal information is stored?
  • Are there any data transfers or disclosures to third parties?
As a result, you will get a data flow map as well as a description defining the identified information systems and roles processing personal data and observed risks and weaknesses. Personal Data Mapping identifies the life cycle of personal information in your organization. A legal compliance analysis of personal information processing can be carried out based on this project.
Nixu Privacy Assessment & Roadmap 
A comprehensive identification of privacy risks and assessment of development needs from the legal and compliance points of view. As a result of this service, you will get a roadmap that helps you to reach the defined target state and be compliant with current privacy protection regulations.
Nixu Privacy Impact Assessment
Nixu Privacy Impact Assessment is a comprehensive analysis of how the privacy requirements are met and how the data processing practices affect data subject’s privacy e.g. in a planned new service or an information system project.
Based on the analysis we will provide you with recommendations on how to minimize the identified risks and to ensure that privacy requirements are met.

Developing privacy

As a natural continuation to evaluating privacy, we help you to raise your organization's privacy practices to the level required by legislation or to a level corresponding with the defined target state. Functional and up-to-date information security is a precondition for the successful protection of personal information.  
Privacy development actions focus on your organization's development needs and they can be for example an improved capabilities to control data breaches or the development of a privacy impact assessment methodology. 
Nixu Privacy Program
Being compliant with privacy requirements requires a systematic approach and planning regarding the processing of personal information.
We help you to create a privacy program suitable to your organization culture including the operating methods to lead and monitor privacy, control privacy risks and ensure privacy compliance in your organization. 
We define principles and practical instructions guiding privacy, build the technical capabilities required and ensure the functionality of privacy-related risk management, monitoring and reporting practices.

Maintaining privacy

Nixu Data Protection Officer
With the Nixu Data Protection Officer service, you can outsource the tasks of the data protection officer. Our continuous service includes the role of the data protection officer (DPO). DPO can be provided either as a full-time role or to separately agreed tasks. The tasks of a data protection officer include e.g.:
  • Overall control of privacy management and implementation
  • Monitoring the implementation and application of the EU General Data Protection Regulation
  • Guidance and training for the organization
  • Monitoring privacy impact assessments
  • Contact point for data subjects
Read more about:


Data controllers are unaware of their obligations

In a survey commissioned by the Data Protection Ombudsman of Finland, only 46 percent of respondents were aware that, under section 32 of the Finnish Personal Data Act, data controllers have the obligation to implement the technical and organisational measures necessary for securing personal information against unauthorised access and other unlawful processing. (cf. Data Protection Ombudsman’s office web site in Finnish,

Regulatory aspects of personal information protection

When processing personal information, remember

  • the EU Data Protection Regulation
  • the Finnish Personal Data Act
  • the Finnish Act on the Openness of Government Activities
  • the Finnish Act on the Protection of Privacy in Working Life
  • the Finnish Act on the Protection of Privacy in Electronic Communications

Compliance Management

Bringing requirements under unified compliance management
Read more

The Finnish government’s information security levels and ICT contingency planning

Ensuring compliance with the Finnish Vahti guidelines and information security regulations.
Read more