Processing of applications and data

This page describes the Health and Social Data Permit Authority Findata’s application and data processing process as regards data permits and data requests.

Both parts of the process are also presented as text after the infograph.

Processing of applications

The figure shows Findata's application processing for data permits and data requests. The content of the image is also in text format on this page.
  1. The applicant should contact the data controllers directly before sending the application, if he / she needs more information about the data or variables.
  2. The applicant submits their application or requested additional information to Findata in the electronic application system at https://lupa.findata.csc.fi.
    • If the applicant is only submitting additional information, the clarifications may, depending on the case, also be submitted by e-mail.
  3. Our application processors check applications and their appendices to ensure that these contain all the necessary information.
    • Where necessary, we will return an incomplete application to the applicant for completion, or we will submit a request for further clarification to the applicant.
  4. When all the extraction descriptions have been completed, we will send additional information and cost estimate requests to the controllers whose information is requested in the application.
    • The purpose of the request is to determine the feasibility of the requested extraction and the maximum cost estimate for the extraction.
    • According to the Act on the Secondary Use of Health and Social Data, the controllers have 15 working days to respond to this request. Where necessary, controllers may ask for additional details to the request, in which case we will forward the questions to the applicant.
    • At this stage, we will also determine Findata’s internal cost estimate, which comprises our own data processing costs.
  5. Once all the cost estimates have been received, the applicant will be presented with a final extraction description and a maximum cost estimate for approval.
    • The applicant must accept both in order for the permit to be granted.
    • It should be noted that it will not be possible to change the extraction conditions after this, and that changes made to the extracted data later on will require a separate application.
  6. We at Findata will issue a positive data permit or data request decision.

Processing of data

The figure shows Findata's data processing for data permits and data requests. The content of the image is also in text format on this page.
  1. We will send the data requests to the controllers so that extraction can begin. Each controller has 30 working days to submit the requested data to Findata.
    • Depending on the nature of the project and the extraction, this phase may include several consecutive parts, such as 1. extraction of the target group; 2. extraction of the controls; 3. extraction of data.
  2. We will process the received data and, as agreed on for each project, we will check, combine and pseudonymise the data or make statistics on them in accordance with the data request.
  3. The completed data will be handed over to the permit holder in an agreed-upon secure operating environment. Findata’s secure remote access environment is the primary option.
    • The target time for the handing over of data is 60 working days. It should be noted that compliance with this target time will not be possible if a target group is not given immediately after the decision has been made, data extraction is carried out in several stages, deliveries by data controllers are delayed or the data is particularly complex.
  4. The permit holder has 30 working days to review the data. The permit holder must notify Findata within this given time period of any comments they wish to make on the data.
  5. We will remove the data from our own systems 3 months after it has been handed over. We will retain the code keys for pseudonymised data that will enable the data to be reproduced.