Which laws regulate the secondary use of health and social data?

The secondary use of health and social data is governed by several laws that safeguard data protection and define the conditions under which the data may be processed.

The EU General Data Protection Regulation (GDPR) establishes the general principles for processing personal data across the EU. It is complemented by national legislation, such as the Act on the Secondary Use of Health and Social Data (the “Secondary Use Act”), which specifically regulates the secondary use of health and social data in Finland.

The Secondary Use Act centralises the issuance of data permits to Findata and defines in detail the permitted purposes for data use as well as the requirements for data security and oversight.

In the coming years, the European Health Data Space (EHDS) regulation will harmonise the use of health data and permit procedures for secondary use across the EU. EHDS will strengthen individuals’ rights to their data and promote the secure and efficient cross-border use of health data. The provisions concerning secondary use will apply starting in March 2029.

Other key laws include:

  • Data Protection Act (Tietosuojalaki)
  • Act on the Processing of Client Data in Healthcare and Social Welfare
  • Medical Research Act
  • Clinical Trials on Medicinal Products for Human Use Act
  • Act on the Medical Use of Human Organs, Tissues and Cells
  • Biobank Act
