On this page, you can find all the information about the regulations issued by Findata under the Act on the Secondary Use of Health and Social Data. The regulations themselves and their contents can also be found under Data, Permits and Kapseli®.
- Regulation by the Finnish Social and Health Data Permit Authority Findata: Requirements for other service providers’ secure operating environments (PDF 67 Kb)
- Annex 1: Requirements for a Secure Operating Environment (PDF 235 Kb) Issued 19 January 2022, effective date 19 January 2022
- See also: Approved data security assessment bodies (Finnish Transport and Communications Agency Traficom, National Cyber Security Centre)
This provision replaces the previous regulation issued on 5 October 2020 (THL/2492/4.00.00/2020). The updated regulation contains a copy of the criteria for issuing the certificate as well as more detailed descriptions of the requirements.
In this context, only the necessary changes have been made in order to minimise the inconvenience to the preparation and ongoing audits.
The National Supervisory Authority for Welfare and Health (Valvira) maintains Toini, a public register of the complaint operating environments of which it has been notified. Read more on the Valvira website: Register of Secondary Use Operating Environments
You can also find from this link information on registering and registration fees.
- Regulation of the Health and Social Data Permit Authority: Data contents, concepts and data structures for data descriptions (PDF 390 kB, in Finnish)
- Issued on 1 February 2021, entered into force on 1 February 2021
- See also: Decree of the Ministry of Social Affairs and Health on the obligation of the controller and the data permit authority to prepare a data description (finlex.fi, in Finnish)
- See the draft regulation that has been circulated for comment (in Finnish): https://www.lausuntopalvelu.fi/EN/Proposal/Participation?proposalId=1b6efcce-1e03-4208-9c4a-0c0f85ec79a6