The list below contains the key terms and concepts in alphabetical order. Click on the term to show the definition. We will update the list as and when needed.
Please find a comprehensive list of frequently asked questions about the Act on Secondary Use of Health and Social Data on the website of Ministry of Social Affairs and Health.
List of terms
Aggregation is a statistical procedure through which data is combined and added together. Aggregated data describes a group of individuals rather than one particular individual. The data for these groups is formed in such a way that the individuals cannot be identified.
By law, customer data is confidential personal data covered by the General Data Protection Regulation which has been stored in a customer register or an associated administrative register as a result of social and health care customership or for processing of benefits.
The primary purpose of the customer data is the purpose for which the data was originally saved in the customer register and/or patient register. The primary purpose may be, for example, examination, treatment and rehabilitation of the patient, the service received by a social welfare customer, or the processing of benefits by the Social Insurance Institution of Finland.
Personal data refers to all data which refer to an identified or identifiable individual.
Personal data includes all data through which the individual could be identified either directly or indirectly, for example by combining one piece of data with another. An individual may be identified, for example, using their name, personal identity number or some characteristic that is specific to them.
Development and innovation operations
Development and innovation operations refers to application and use of technical and business data and other existing data together with the personal data referred to in the Secondary Data Act for the purpose of developing new or significantly improved products, processes or services.
In addition, the purpose of the operations must be to
- promote national health or social security
- develop social welfare and health care services for service systems
- protect individuals’ health or well-being or
- secure for them their related rights and freedoms.
A social and health care service provider that has an obligation as an authority to ensure that the customer gets the service of benefit that according to the law or authority decision is due to him or her. The obligation of a private service provider is to ensure that the customer who purchases the service privately is provided with the service that is due to him or her under the regulations on customer protection.
Individual, community, institution or foundation
- for which the person register was established and
- which has the right to determine the use of the person register
- has the legal duty of maintaining the register.
Data utilisation plan
Data utilisation plan refers to a research plan, project plan or similar plan.
The plan must express
- the intended purpose of the data referred to in the permit application
- the controller and processors of the data
- the legal ground for the processing and
- the essential elements of data protection and data security related to the processing throughout the life-cycle of the data (data storage, erasure or archiving)
Knowledge management refers to the processing of data carried out by a service provider in their customer, service and production processes for the purpose of supporting
- operations, production and financial control
- management and
Data permit authority
Findata is the data permit authority for the social and health care sector which makes data permit and data request decisions regarding the data of other controllers. Findata is responsible for the gathering, combining, previewing and disclosing of data for secondary use in accordance with the decisions it makes.
Findata also monitors compliance with the conditions of the permits it issues. It may cancel the data permit if the permit holder either fails to comply with the law or violates the conditions of the permit.
A data permit is a permit issued in accordance with the Secondary Data Act for the processing of the secret personal data specified in the permit for the purpose described in the permit.
A data request is a request to obtain aggregated statistics created from personal data for use in accordance with the Secondary Data Act.
In statistical data, individual personal data is combined and added together. Statistics describe groups of individuals rather than particular individuals. The data for these groups is formed in such a way that the individuals cannot be identified.
Secondary Use Act
Secondary Use Act refers to the Secondary Data Act. Read the Secondary Use Act in Finlex.
The objective of the Secondary Use Act is to enable efficient and secure processing of personal data collected during the provision of social and health care as well as personal data collected for the purpose of steering, supervision, researching and collecting statistics on the social and health care sector. The Act also seeks to secure the legitimate expectations, rights and freedoms of individuals when processing personal data.
Secondary purpose of personal data refers to the processing of personal data for a purpose other than its primary purpose. The secondary purposes permitted under the Act are
- scientific research
- development and innovation operations
- knowledge-based management
- steering and supervision by authorities and
- authorities’ planning and reporting duties.