Findata grants most permits to projects based in Finland. However, under the EU General Data Protection Regulation (GDPR), personal data must be able to move freely within the EU. This means that the permit holder may also be located in another EU or EEA country. Even in such cases, the data must be processed in an audited and secure environment, with access granted only to the individuals specified in the permit.
According to the Secondary Use Act, the secure processing environment must not be located outside the EU or EEA. Therefore, Findata does not, as a rule, transfer personal data outside the EU/EEA or to international organisations.
If data is to be transferred to or processed in countries outside the EEA (so-called third countries) a legal basis is required under Chapter V of the GDPR. It is important to note that processing personal data from outside the EEA is considered a data transfer, even if the data remains in a secure remote access environment.
Read more: