Waselius & Wist Navigation
  • Our team
  • In Focus
    • Recent Work
    • News
    • Legal Updates
    • Publications
    • Rankings
    • Blog
    • Newsletter
  • About Us
    • Corporate Social Responsibility
  • Expertise
    • Banking and Finance
    • Capital Markets
    • Corporate and Commercial
    • Corporate governance and Investigations
    • Data Protection
    • Dispute Resolution
    • Employment and Incentives
    • Energy and Natural Resources
    • EU and Competition
    • Financial Regulatory and Compliance
    • Insurance
    • Intellectual Property and Technology
    • Marketing
    • Mergers and Acquisitions
    • Private Equity
    • Real Estate
    • Restructuring and Insolvency
    • Tax and Structuring
  • Careers
    • Lawyers
    • Law students
    • Support staff
    • Open Positions
    • Contact
  • Contact
  • Our team
  • In Focus
    • Recent Work
    • News
    • Legal Updates
    • Publications
    • Rankings
    • Blog
    • Newsletter
  • About Us
    • Corporate Social Responsibility
  • Expertise
    • Banking and Finance
    • Capital Markets
    • Corporate and Commercial
    • Corporate governance and Investigations
    • Data Protection
    • Dispute Resolution
    • Employment and Incentives
    • Energy and Natural Resources
    • EU and Competition
    • Financial Regulatory and Compliance
    • Insurance
    • Intellectual Property and Technology
    • Marketing
    • Mergers and Acquisitions
    • Private Equity
    • Real Estate
    • Restructuring and Insolvency
    • Tax and Structuring
  • Careers
    • Lawyers
    • Law students
    • Support staff
    • Open Positions
    • Contact
  • Contact
In Focus
Home In Focus A new Data Protection Act to enter into force soon

Legal Updates29.11.2018

A new Data Protection Act to enter into force soon

Somewhat belated, but on 13 November 2018 the Finnish Parliament approved of the new Data Protection Act (DPA), repealing the old Personal Data Act from 1999. The aim was to have the DPA approved already in May 2018, but the government proposal for the DPA was passed to the Constitutional and Administrative Committees for examination and their final statements were given in October. This led to the DPA being approved by the Finnish Parliament only in November 2018. As soon as ratified by the President of Finland the DPA will enter into force (probably still during 2018).

The DPA applies together with the GDPR in Finland and regulates such issues that have been left outside of the scope of the GDPR for member states to include in their own national laws, such as:

Offering of information society services to children: A child cannot lawfully give consent to the processing of his/her personal data for the purposes of offering information society services if not being at least 13 years of age (the age provided by the GDPR is 16).

Health related data: The DPA provides for a possibility to process health related data also in situations other than those allowed under the GDPR. For example, health related data may be processed by

  • an insurance provider for the purposes of liability assessment
  • in the operations of a health care service provider for the purposes of organizing or producing health care services
  • in the operations of a social welfare service provider or when such a service provider grants benefits
  • in the context of anti-doping work and sports of the disabled
  • for scientific, historical research or statistical purposes.

Personal identity numbers: The DPA requires as a main rule that personal identity numbers are processed only by consent or if allowed under applicable laws. An exemption to this is however provided by the DPA, and personal identity numbers may be processed also

  • when performing a task laid down by law
  • in order to fulfil statutory rights and duties of data subjects and controllers
  • for historical and scientific research or statistical purposes
  • in credit, insurance, debt collection, payment service, rental, credit and health care operations

National supervisory authority: The relevant Finnish data protection authority is still the Data Protection Ombudsman, which has an office (expert organisation) with some 25 employees. A new feature is the expert board (under the office of the Data Protection Ombudsman) which gives statements on issues relating to the application of data protection laws.

Administrative fines: Only a special board consisting of the Data Protection Ombudsman and two deputy ombudsmen may decide on the imposing of administrative fines. Fines may not be imposed on public authorities and bodies.

In connection with enacting the DPA, also the Finnish Penal Code has been amended to include a new provision on data protection offences.  Further, a new act on the processing of personal data in criminal matters and in connection with the maintaining of national security (implementing Directive (EU) 2016/680 on data protection in the police and justice sectors) will enter into force in connection with the DPA. It currently also awaits the ratification of the President of Finland.

For further information, please contact:

Charlotta Sittnikow

Counsel

Share:
Image

Contact info

Eteläesplanadi 24 A
00130 Helsinki, Finland

+358 9 668 9520
+358 9 668 95 222
ww@ww.fi

Quick links

  • Our Team
  • In Focus
  • About Us
  • Expertise
  • Careers

E-invoicing

E-address: 003710525214
Operator: Apix Messaging Oy
Service ID: 003723327487


BUSINESS ID 1052521-4
VAT ID FI10525214

Legal notice
Privacy notice
General Terms and Conditions

© 2022 Waselius & Wist

This website uses cookies to compile statistical data on the use of our website in order to enable us to evaluate and improve our site. OK Decline Cookie Policy
Manage Cookies

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are as essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT