About a half a year after the passage into the power of the EU General Data Protection Regulation (the “GDPR”), the Finnish Parliament, at last, affirmed the national Data Protection Act on 13 November 2018. The Act supplements and indicates the GDPR, which is straightforwardly relevant in all EU part states. The Data Protection Act has now been affirmed to go into power on 1 January 2019, and we present underneath specific key focuses significantly in the arrangements of the national Act.
The most significant focuses in the new Finnish law are:
Kids’ information, delicate information, the individual character code and criminal feelings
- The period of agreeing concerning offering data society administrations to kids has been set to 13 years, while the default choice in the GDPR is 16 years.
- The further explicit lawful justification for handling wellbeing information are acquainted for insurance agencies with characterize obligation. Handling of wellbeing information and genetic information is additionally taken into account hostile to doping work and with regards to wearing for debilitated individuals.
- Preparing of individual character code (PIC) is dependent upon extra prerequisites. PIC might be handled, for example, motivations behind loaning, obligation accumulation and protection.
- A few occasions are distinguished in which on-screen characters other than open specialists are permitted to process individual information identifying with criminal feelings. This incorporates circumstances where preparing is conveyed for the foundation, exercise and resistance of legitimate cases or by courts settling on such asserts. Preparing information on criminal feelings is likewise took into account relevant, authentic or factual research and for insurance agencies to characterize obligation.
Open specialists, the Data Protection Ombudsman and regulatory fines
- The Data Protection Ombudsman stays as the national information insurance authority and manages the whole field of information assurance in Finland. The Finnish Data Protection Board, which under the old Personal Data Act was the most significant essential leadership organization in close to home information matters, is disbanded.
- Open specialists and bodies are rejected from the GDPR managerial fines.
- The managerial fine will be forced by a three-part board comprising of the Data Protection Ombudsman and two Deputy Data Protection Ombudsmen.
- The privilege of access and appropriate to get data about the handling have been constrained regarding the preparing for different errands of open specialists. For example, these information subject rights might be confined for the reasons for wrongdoing anticipation and keeping up free request. These criticisms are joined by different shields for the information subjects.
The legitimate ground of open intrigue and handling for the motivations behind the articulation
- The legitimate ground of handling for the presentation of an errand did in the open intrigue is determined by an arrangement expressing that preparing is permitted on the off chance that it concerns data in regards to the status, obligations and execution of an individual in an open company, business, third-division association or similar action. This arrangement will keep up the circumstance under the old Personal Data Act advancing the right to speak freely and the guideline of transparency.
- The open intrigue legal ground is additionally indicated by presenting an arrangement permitting handling for logical or recorded research, measurements and chronicling. Subject to extra shields, information subject rights might be constrained in when preparing depends on these grounds.
- Preparing individual information exclusively for journalistic, scholarly, creative or abstract reasons for existing is allowed without a different legitimate ground. Besides, special cases to specific GDPR commitments are presented. For example, information subject rights (access, amendment and eradication, information convey ability, and so forth.) are restricted when handling happens exclusively for these reasons.
For more details, visit:
https://fra.europa.eu/en/theme/information-society-privacy-and-data-protection/data-retention
