Profitable and sustainable business 

The Otava Group’s three business areas are Books, Otava Learning and Media. The Books business consists of Otava Publishing Company’s general literature (which includes fiction, non-fiction, and children’s and young adult literature), Otava Book Printing Ltd, and Suomalainen Kirjakauppa Ltd, which sells books and other products. Otava Learning is part of Otava Publishing Company, and its core business is publishing learning materials. Media business area is run by Otavamedia Oy, which publishes magazines. 

As a family-owned company, our aim is to create economic wellbeing by ensuring the continuity and operating conditions of our forward-looking and profitable business activities.

Our commitment to the UN Global Compact initiative and our membership in the Finnish Business & Society (FiBS) network reinforce our commitment to sustainable business practices and ethical conduct. 

Value chain

The Otava Group’s supply chain in Finland consists of about 2,950 subcontractors. The largest single supplier group comprises small companies providing content services. Procurements are highly concentrated: the Group’s 50 key suppliers account for 66 per cent of total purchases, and 15 of them account for 50 per cent of that amount. Our key partners primarily provide us with goods as well as distribution, printing and ICT services.

During 2025, the Otava Group’s total purchases from goods suppliers and service providers totalled EUR 151 million. Sustainability in our value chain is a key aspect of the Group’s overall sustainability. For this reason, we are constantly enhancing our cooperation with partners and improving transparency in our procurement processes.

As part of these efforts, we are strengthening our supplier criteria, which include ethical principles, consideration of environmental responsibility, and upholding both labour and human rights. As an example, we updated our Code of Conduct for our partners and are incorporating it into our agreements. In addition, we are continuously refining our human rights due diligence process to identify the human rights impacts of our business operations and to minimise any potential negative impacts.

We updated our Code of Conduct for our partners and are incorporating it into our agreements.

Data, information security and data protection

The responsible use of data and the careful and appropriate processing of personal data are an integral part of our everyday work. The Otava Group’s Code of Conduct guides our actions in these matters as well. Training, briefings and bulletins help us to ensure that our personnel are familiar with the requirements for information security and data protection requirements.

Responsible use of data

The Otava Group is committed to the responsible use of data.

We comply with Group-wide agreed principles governing the use of data. We ensure sound management of the data lifecycle as well as the quality and accuracy of data.

We continued the technical development of our data platforms in 2025. We are developing infrastructure and solutions that will allow data to be used securely and reliably by automated processes and artificial intelligence.  We are also developing data-driven reporting to enable more real-time monitoring of our carbon footprint and to support better decision-making.

Information security and data protection

Data protection is a fundamental right of every individual. In our operations, we process personal data and seek to maintain trust in the digital services and systems we manage.

The Otava Group and its personnel are committed to processing personal data carefully and responsibly. We monitor changes in legislation, data protection regulations and compliance requirements to ensure that rights relating to the use of personal data and privacy are respected. We always comply with our privacy policies and practices when processing personal data. In 2025, we implemented a data protection management model and conducted an assessment of our own operations in collaboration with an external partner. The development actions identified in this assessment are being systematically implemented in accordance with an established action plan.

Our data protection and information security practices are continuously evolving, and our objective is to maintain business continuity as seamlessly and efficiently as possible.

We regularly assess our information security and seek to identify cyber risks affecting our operations. This ensures that Group companies have layered protection against cyber threats. Capabilities for threat detection and mitigation are continuously improved together with external partners.

We monitor changes in legislation, data protection regulations and compliance to ensure that privacy and personal data usage rights are being respected.

Our personnel regularly deepen their knowledge of information security and data protection with the aid of online courses. These courses are part of our employee onboarding. During 2025, we updated the content of online courses, practiced preparedness through tabletop exercises, and increased personnel awareness of phishing through targeted training. Personnel received monthly information security and data protection updates, and a data protection theme day was organised to address topical issues.

We actively monitor developments in data, information security and data protection regulation through working group meetings.  We actively participate in information-sharing and cooperation groups coordinated by the National Emergency Supply Agency and the National Cyber Security Centre Finland to enhance national and sector-specific cyber security

Two data protection incidents occurred during the year, both of which were assessed as low risk. One of these incidents required notification to the data protection authority.

In 2024, Otavamedia’s cookie-related decision issued by the Finnish Transport and Communications Agency (Traficom), as well as the appeal lodged against the decision, were under consideration by the Administrative Court. No ruling was issued during the reporting year.