Amendment permits

An amendment application allows the applicant to apply for changes to previous, currently valid permits. Please note that for the amendment permit we need all previous permits for which an amendment or change is applied for or on which the previous permits are based.

Please read the Permits web page before applying for a data amendment permit. The page includes useful information to take into consideration before applying, while applying and after applying.

A data permit amendment application is sent to Findata whenever data are combined from data controllers covered by the Act on secondary use of health and social data, or if the controller has transferred its power to grant permits to Findata. A data amendment permit may be granted when the data sources and the group of research subjects remain unchanged.

Amendment applications and their attachments are confidential. When necessary, we will forward critical data as well as the applicant’s name and contact details to the controller.

The decisions and permits granted by an authority are primarily public. On our website, we will publish the following information on projects that have received favourable data permit amendment decisions:

• date of decision
• permit validity period
• permit holder (organisation)
• project name (if known)
• issuer of the original permits
• amendment type

This public data can be shared from the website also to other communication channels.

A data permit amendment application can be used to:

• Extend the period of validity
• Change the data processors
• Extend the period from which data is extracted (only if the previous permit has been granted by Findata, or by the controller that has subsequently transferred its authority to grant permits to Findata)
• Change the controller of data disclosed with a data permit
• Change the permit holder
• Change the data processing environment from Findata’s remote access environment to another audited access environment
• Expand the processing of data outside the EU/EEA as opposed to the granted permit
• Add variables to the extraction of material when data extraction has already been completed (the target group, possible controls and relatives, and the registers from which the extractions are carried out remain the same)
• Add data other than that referred to in the Act on the Secondary Use of Health and Social Data, as opposed to the permit granted by Findata

As a rule, the data will always be disclosed to Findata’s secure operating environment Kapseli. However, the Act makes it possible to disclose information to other secure operating environments, if necessary. Read more below in the section: Findata’s regulation sets information security requirements for environments.

The following changes do not require the security requirements for operating environment

• Changing the data processors
• Changing the controller of data disclosed with a data permit
• Changing the permit holder
• Add data other than that referred to in the Act on the Secondary Use of Health and Social Data, as opposed to the permit granted by Findata

In other respects, amendment permits are subject to the same security requirements as new data permits. Read more on the page: Regulation on secure operating environments

In the following instance, an amendment permit will not be granted

You must apply for a new data permit if:

• The information sources for the data and the group studied change
• The number of monitoring years is increased for a data permit issued by a party other than Findata

To submit an amendment permit application, log into our e-service at: asiointi.findata.fi using either Suomi.fi e-Identification or Haka login. For more information on logging in see the Logging into services page.

Please always log in using the same identification methods, so that you can see the applications you have sent and the decisions that have been given.

Amendment permit applications can be submitted in Finnish, Swedish or English

1 Public information about the project

• Project name
  • The permits granted by an authority are primarily public. We publish the following information on our web page for the projects that have been granted an amendment of a data permit: date of the permit, permit holder (organisation), authority/authorities that have granted the original data permit(s); type of the amendment.
• A brief description of the project
  • Please provide a short description of the study or project and the use of the requested data. The short description of the purpose of data use of a project that has been granted a data permit is published on Findata’s web page. Write the description so that it does not contain any confidential information.

2 Details of the applicant

• Permit applicant refers to the person or organization named in the data permit application to whom the amendment of the data permit applied for will be issued. Enter the contact person’s information in the “Details of the contact person” section.
• Enter the applicant’s business ID. If the applicant is an individual, enter 123 in the field. If the applicant organization is located in an EU/EEA country other than Finland, please name the official register in which the organization is registered.

3 Details of the contact person

• Contact person refers to the person who responds to enquiries concerning the application. The contact person’s details can be forwarded to the controller during the processing of an application if amendment of the a data permit requires extraction and additional information is needed for the extraction.
• Describe the relationship between the contact person and the applicant in the application. The relationship can be based on, for example, an employment or a public service appointment.

4 Invoicing details

• E-invoice is always the primary method of invoicing. If the invoiced party is different from the applicant, indicate the connection of the invoiced party to the project in the application.
• Invoicing details for Finnish payers:
  • E-invoicing is the primary invoicing method for Finnish payers. In your application, state the connection between the invoiced party and the project. Inconsistencies between the applicant and the invoiced party (e.g. the payer is not the applicant) can be clarified where necessary in the Additional information section.
  • If necessary ask for more information from your organisation’s financial department. You can also search for e-invoice addresses on the TIEKE Finnish Information Society Development Centre website: https://verkkolaskuosoite.fi/. A list of e-invoicing addresses is maintained by Finnish e-invoice operators.
  • A VAT number is formed from a business ID e.g. 1234567-8. Add the two letter country code FI to its beginning and remove the hyphen from the ID e.g. FI12345678.
• Invoicing details for foreign payers:
  • If the payer is not Finnish the payer should have a Peppol-address for the e-invoicing.
  • If the payer doesn’t have a Peppol-address, the invoice is sent by mail.

5 The permit or permits to which you apply for an amendment

• Please fill information about data permits that would be amended. Amendment of a data permit is only possible for valid permits.
• Please do not fill information about data permits that are not subjects to this application. If you are applying for an addition of data other than that referred to in the Act on the Secondary Use of Health and Social Data, please list the permits considering this data in the section 7.
• Indicate the issuers of the original data permits. You can indicate several permit issuers.

6 Purpose of data use

• Please note that when applying for a change to a data permit, the purpose of use must be the same as in the original permit.

Click to see more information about different use purposes:

7 Applied data permit amendment(s)

• State which amendment or amendments you are applying for to the valid data permit or permits.
• If necessary, indicate the current operating environment of the data. From 1 May 2022 onward, the analysis of the data is only permitted in audited operating environments that meet the requirements of the Act on the Secondary Use of Health and Social Data and the Findata’s regulation.
• If you only want to transfer your research data to Kapseli, please order Kapseli from Findata’s e-service.
• If your data is transferred to Statistics Finland’s Fiona user environment because the data is combined with data provided by Statistics Finland as a statistical authority, select “Addition of data other than referred by the Secondary Use Act” as the applied data permit amendment. In this case, you do not need to apply for a change “Changing the operating environment of the data to an environment other than Kapseli”.
• If you are applying to transfer your data to Statistics Finland’s Fiona operating environment for other reason and your data is not combined with data provided by Statistics Finland as a statistical authority, select “Changing the operating environment of the data to an environment other than Kapseli”.

Download the confidentiality commitment form from the links below:

• Findata confidentiality commitment form in Finnish
   (Word file, 35 kt)
• Findata confidentiality commitment form in English
   (Word file, 40 kt)

8 Additional information and attachments

• In this section, you can specify previous sections of the application, for example with regard to invoicing.
• If you have spoken about your application with a Findata employee in advance, please give the person’s name.
• If you have spoken about your application or about extraction with a contact persons of controllers in advance, please enter the names of these persons here. For example, if you have agreed that extraction will be implemented in a certain way, give the name of the person with whom you agreed on the matter.
• Add possible attachments.
• Please do not attach data to this application

9 Confirmation of information

Before we make a decision on an application, you as the applicant must approve the maximum cost estimate for the extraction and pre-processing of data.

Application processing times will be affected by the content of the application, the current application processing situation and the controller’s response times.

You can expediate the processing of your application in the following ways.

1. Complete the application carefully.
2. Attach all the previous permit decisions to the application.
3. Attach the completed and signed confidentiality agreements to the application. Every added personal data processor must have their own confidentiality agreement.

We will charge a decision fee for amendment permits according to the attached pricelist. In addition to the decision fee, we will, where necessary, charge an hourly fee for data processing carried out at Findata.

You’ll find more information about costs on our Pricing page.

Amendment permits pricing

Price category	Criteria	Price
Minor amendment or change	The application seeks the following amendments or changes: – extension of the permit – modification of the persons authorized to process the data – changing the data processing environment from Findata’s Kapseli remote access system to another service provider’s secure operating environment – extension of a temporary permit granted pursuant to the transitional provision (Section 60) of the Act Amending the Secondary Act (793/2021). As of May 1, 2022, data processing is only possible in audited environments.	250,00 EUR VAT +0 %
Other amendment or change	The application seeks one or more of the following changes or amendments: – the extension of the monitoring years to the authorization granted by Findata, provided that the persons to be examined and the data to be extracted remain the same – a change in the controller of the material released with the data – change of licensee / permit holder – extension of the processing of the data by way of derogation from an authorization granted outside the EU or EEA countries – adding variables to the data collection after the extraction has already taken place – the addition of data under other legislation in derogation from the authorization granted.	400,00 EUR VAT +0 %

Ensure the correct address for the application