Summary and useful links
Well done – you have completed the Data protection for researchers course!
Taking data protection into account is an essential part of using social and health data for research. Findata supports researchers by providing permit procedures, a secure processing environment, and clear guidance.
However, researchers themselves remain responsible for ensuring that all stages of their research are conducted in compliance with data protection requirements and legal obligations.
By handling research data responsibly and in accordance with data protection legislation, you demonstrate that you are worthy of the trust placed in you by data subjects.
Key legislation
General Data Protection Regulation GDPR (eur-lex.europa.eu)
The legal framework for processing personal data within the European Union.
Act on the Secondary Use of Health and Social Data (PDF file, 5.4 MB)
The Finnish legislation governing the secondary use of health and social data.
Data Protection Act 1050/2018 (finlex.fi)
National legislation that supplements the GDPR.
European Health Data Space Regulation EHDS (eur-lex.europa.eu)
An EU Regulation establishing a common framework for the use and exchange of health data across Member States. Secondary use is covered in Chapter IV.
Findata’s guidance
Findata’s guidance on producing anonymous results, including practical examples.
Exporting results from the processing environment
Instructions on how to export results from a secure processing environment.
Transfer of personal data outside the EU/EEA
Additional guidance on transferring datasets to so-called third countries.
Office of the Data Protection Ombudsman
Lawful Bases for Processing Personal Data (tietosuoja.fi)
Guidance on determining lawful bases for processing.
Processing special categories of personal data (tietosuoja.fi)
Information on processing sensitive special categories of personal data, including health data.
Minimisation of data (tietosuoja.fi)
Guidance on applying the principle of data minimisation.
Informing data subjects about processing (tietosuoja.fi)
Guidance on informing data subjects and preparing privacy notices.
Impact assessment (tietosuoja.fi)
Guidance on conducting a Data Protection Impact Assessment (DPIA).
Transfers of personal data out of the EU/EEA (tietosuoja.fi)
Information on transfer mechanisms and requirements for transfers outside the EU/EEA.
Accountability (tietosuoja.fi)
Guidance on measures and documentation required to demonstrate compliance.