Findata offers controllers (those controlling the data resources) support for creating data descriptions as well as an anonymisation service and permit processing service.
Creating data descriptions
We help controllers to create data descriptions for their register content so that those requiring data are able to assess the suitability of the register’s data for secondary use. Our cooperation with controllers in the creation of data descriptions will begin in 2020. We will first discuss with the controllers the standardisation criteria for the data descriptions, and then provide guidance on creating the descriptions. The Ministry of Social Affairs and Health will be issuing a decree on data descriptions.
If the secondary data use application relates to only one controller, that controller is themselves responsible for processing the data permit application and making the permit decision.
If the data is disclosed to the permit holder in anonymised form, we will anonymise the data on behalf of the controller and deliver it for the permit holder’s use. The controller delivers to Findata the data permit it has issued and the related data using a secure data transfer channel.
The anonymisation service will open in 2020.
The controller is themselves responsible for processing the data permit application and for the permit decision if the secondary data use application relates to only one of the following controllers:
- public service providers of social welfare and health care
- Finnish Institute for Health and Welfare
- Social Insurance Institution of Finland (benefits and prescriptions)
- National Supervisory Authority for Welfare and Health Valvira
- regional state administrative agencies (matters relating to social welfare and health care)
- Finnish Institute of Occupational Health (occupational illnesses, exposure tests, patient registers)
- Finnish Medicines Agency Fimea
- Ministry of Social Affairs and Health.
Permit processing on behalf of the controller
The controllers listed above may authorise Findata to carry out on their behalf, as detailed in the Secondary Data Act, services other than advice and data description services. In such cases, we also process on behalf of the controller those data permit applications which relate only to the content of the controller’s own registers.