Updated 28.09.2022

Amendment permits

An amendment application allows the applicant to apply for changes to previous, currently valid permits. Please note that for the amendment permit we need all previous permits for which an amendment or change is applied for or on which the previous permits are based.

Please read the Permits web page before applying for a data amendment permit. The page includes useful information to take into consideration before applying, while applying and after applying.

General information on amendment applications

See what you can apply to amend with an amendment application. Read more General information on amendment applications

What can you apply for with an amendment application?

This page contains information on when an amendment application is adequate and when you will new a new data permit application. Read more What can you apply for with an amendment application?

Logging into e-services

This page contains information on how to log in and select an application form. Read more Logging into e-services

Instructions for completing an amendment application

See what is asked in the application. Read more Instructions for completing an amendment application

Information on costs

See the current pricelist for amendment decisions Read more Information on costs

Application assistant

Ensure the correct address for the amendment application. Read more Application assistant

What to remember before sending an application

Select the correct application type

There are different types of applications for different information needs

  • Data permit application, when you need data on individuals
  • Data request, when you need statistical data
  • Amendment application, when you are applying for an amendment to a valid data permit
Describe and limit data

Define the data to be applied for at the variable level and remember the principle of minimisation for other information. Utilise the Data Catalogue (https://aineistokatalogi.fi/) and controller’s advisory services

  • Where from and how do I extract the target group? Is the definition specific enough?
  • Are control subjects/relatives extracted? How will they be defined?
  • From which registers will the data be extracted?
  • What variables will be included in the extraction? 

Other data to be combined

  • Have you made sure that the other data is described on the application?
  • Are the permits for other data valid or is the permit process pending?
Determine the competent authority

Findata is responsible for the application and the permit decision whenever data are combined from data controllers covered by the Act on secondary use of health and social data. The assessment of the competent authority must therefore consider all the data related to the application.

Check from the application assistant which authority the application should be sent to: Application assistant

General information on amendment applications

A data permit amendment application is sent to Findata whenever data are combined from data controllers covered by the Act on secondary use of health and social data, or if the controller has transferred its power to grant permits to Findata. A data amendment permit may be granted when the data sources and the group of research subjects remain unchanged.

Amendment applications and their attachments are confidential. When necessary, we will forward critical data as well as the applicant’s name and contact details to the controller.

The decisions and permits granted by an authority are primarily public. On our website, we will publish the following information on projects that have received favourable data permit amendment decisions:

  • date of decision
  • permit validity period
  • permit holder (organisation)
  • project name (if known)
  • issuer of the original permits
  • amendment type

This public data can be shared from the website also to other communication channels.

What can you apply for with an amendment application?

A data permit amendment application can be used to:

  • to extend the period of validity
  • change the data processors
  • extend the monitoring years on a permit granted by Findata (the target group, possible controls and relatives, and the data to be extracted remain the same)
  • change the controller of data disclosed with a data permit
  • change the permit holder
  • change the data processing environment from Findata’s remote access environment to another audited access environment
  • expand the processing of data outside the EU/EEA as opposed to the granted permit
  • add variables to the extraction of material when data extraction has already been completed (the target group, possible controls and relatives, and the registers from which the extractions are carried out remain the same)
  • add data other than that referred to in the Act on the Secondary Use of Health and Social Data, as opposed to the permit granted by Findata

As a rule, the data will always be disclosed to Findata’s secure operating environment Kapseli. However, the Act on the Openness of Government Activities makes it possible to disclose information to other operating environments, if necessary. Read more below in the section: Findata’s regulation sets information security requirements for environments.

The following changes do not require the security requirements for operating environment

  • Changing the data processors
  • Changing the controller of data disclosed with a data permit
  • Changing the permit holder
  • Add data other than that referred to in the Act on the Secondary Use of Health and Social Data, as opposed to the permit granted by Findata

    In other respects, amendment permits are subject to the same security requirements as new data permits. Read more on the page: Regulation on secure operating environments

    In the following instance, an amendment permit will not be granted

    You must apply for a new data permit if:

    • the information sources for the data and the group studied change
    • the number of monitoring years is increased for a data permit issued by a party other than Findata

    Logging into e-services

    To submit an amendement permit application, log into our e-service at: asiointi.findata.fi using either Suomi.fi e-Identification or Haka login. For more information on logging in see the Logging into services page.

    Please always log in using the same identification methods, so that you can see the applications you have sent and the decisions that have been given.

    Amendment permit applications can be submitted in Finnish, Swedish or English

    After logging in

    1. Go to the Data Catalogue tab
    2. Go to “Apply for new access rights” and select “Data permit amendment application” by clicking on “Add to basket” on the right and continue by clicking on “Apply
    3. Complete the application form utilising the instructions given below and send it to us. Unfortunately, after an application has been sent, it can no longer be edited. If you want to supplement an application that has already been sent, send us an email to info@findata.fi and tell us your application’s ID (e.g. 2022/53). We will return the application so you can supplement it.

    See also

    Dates of monthly maintenance outages in 2023
    • 19.1.2023
    • 23.2.2023
    • 23.3.2023
    • 20.4.2023
    • 25.5.2023
    • 22.6.2023
    • 20.7.2023
    • 17.8.2023
    • 21.9.2023
    • 19.10.2023
    • 23.11.2023
    • 21.12.2023

    Instructions for completing an amendment application

    We will update more detailed instructions to this section in the near future.

    The following information will be requested in the amendment application

    • Applicant’s details
    • Billing details
    • Purpose of data use
    • Additional information depending on your need for an amendment permit, i.e. information on
      • an extension to the period of validity
      • a change to the data processors
      • an extension to the monitoring years on a permit granted by Findata (the persons to be researched and the data to be extracted remain the same)
      • a change of data controller for the disclosed with a data permit
      • a change of permit recipient
      • a change to the processing environment from Findata’s remote access environment to another audited access environment
      • the expansion of the processing of data outside the EU/EEA as opposed to the granted permit
      • adding variables to the extraction when the data extraction has already been carried out (the persons to be researched and the registers from which the extractions are carried out remain the same)
      • adding data other than that referred to in the Act on the Secondary Use of Health and Social Data, as opposed to the permit granted by Findata
    • Additional information: you can give other additional information related to the application
    • Attachments:
      • Data permits to which an amendment is applied for and their attachments
      • Research plan, if the data is to be used for scientific research
      • Completed and signed confidentiality commitment forms, if you are applying for added users
      • Other possible attachments
    • Additional information: you can give other additional information related to the application
    • Attachments:
      • Data permits to which an amendment is being sought with the application
      • Confidentiality commitment forms completed and signed
      • Possible other attachments

    Download the confidentiality commitment form from the links below:

    Application processing times will be affected by the content of the application, the current application processing situation and the controller’s response times.

    You can expediate the processing of your application in the following ways.

    1. Complete the application carefully.
    2. Attach all the previous permit decisions to the application.
    3. Attach the completed and signed confidentiality agreements to the application. Every added personal data processor must have their own confidentiality commitment.

    Information on costs

    We will charge a decision fee for amendment permits according to the attached pricelist. In addition to the decision fee, we will, where necessary, charge an hourly fee for data processing carried out at Findata.

    You’ll find more information about costs on our Pricing page.

    Amendment permits pricing

    Price categoryCriteriaPrice
    Minor amendment or changeThe application seeks the following amendments or changes:
    – extension of the permit
    – modification of the persons authorized to process the data
    – changing the data processing environment from Findata’s Kapseli remote access system to another service provider’s secure operating environment
    – extension of a temporary permit granted pursuant to the transitional provision (Section 60) of the Act Amending the Secondary Act (793/2021). As of May 1, 2022, data processing is only possible in audited environments.    		250,00 EUR
    VAT +0 %
    Other amendment or changeThe application seeks one or more of the following changes or amendments:
    – the extension of the monitoring years to the authorization granted by Findata, provided that the persons to be examined and the data to be extracted remain the same
    – a change in the controller of the material released with the data
    – change of licensee / permit holder
    – extension of the processing of the data by way of derogation from an authorization granted outside the EU or EEA countries
    – adding variables to the data collection after the extraction has already taken place
    – the addition of data under other legislation in derogation from the authorization granted.    		400,00 EUR
    VAT +0 %

    Ensure the correct address for the application

    Select the controllers from which the data will be retrieved

    Apply permit from the controller in question. The exception is those controllers who have delegated jurisdiction to Findata.

    Apply permit (s) from the controllers in question.

    Findata is responsible for data permits of the Finnish Center for Pensions and the Finnish Digital Agency and / or Statistics Finland if the data are combined with

    • data of other public organizations under the Act on Secondary Use of Health and Social Data
    • data stored on Kanta services or
    • to the register data of a private social or health care service provider.

    Apply permit from Findata.

    Findata is responsible for processing and making decisions concerning data permit and amendment applications, when the application applies to data from numerous public social and health sector controllers.

    Apply permit from Findata.

    Findata is responsible for processing and making decisions concerning data permit and amendment applications, when the application applies to:

    • data from numerous public social and health sector controllers
    • register data from one or numerous private social welfare and health care service organisers, or
    • customer data saved in the Kanta Services.

    Apply permit from Findata.

    Finnish Institute for Health and Welfare (THL) and The Regional Administrative Agencies (AVI) have delegated the jurisdiction to Findata.

    As far as THL is concerned, the delegation of jurisdiction does not apply to its

    • internal permit management
    • data collected as a statistical authority
      nor
    • the transfer of samples and data transferred to THL Biopankki.

    Apply permit from Findata.

    Findata is responsible for processing and making decisions concerning data permit and amendment applications, when the application applies to:

    • data from numerous public social and health sector controllers
    • register data from one or numerous private social welfare and health care service organisers, or
    • customer data saved in the Kanta Services.