Finland, being part of the European Union, follows the GDPR that governs email marketing and data processing. They also have the Act on Electronic Communication Services, which implements the E-Privacy Directive. Both are used to regulate email marketing.
All emails sent for marketing purposes should have a clear identification of the sender name, mailing address and a clear identification of the sender. The law requires you to have these as compulsory data to be mentioned in your marketing emails.
You can send marketing emails to those who have provided explicit consent to receive marketing emails from you.
Email is also allowed if the recipient has not specifically opted out and if you obtain the customer's contact details in the context of sale of a product or service. You cannot sell the data, however you can use the contact information for direct marketing of your own similar products. This is essentially soft opt-in using implied consent.
As Finland follows the GDPR, it requires that your company must have a data protection officer. The person is in charge of maintaining and enforcing data security standards.
The maximum fine available under the GDPR is up to 20 million EUR, or 4% annual global turnover – whichever is higher. The Office of the Data Protection Ombudsman is the body that will safeguard rights and freedoms when processing personal data.
There might also be seperate penalty and punishment based on the Act on Electronic Communication Services, this is imposed on a case-to-case basis.