Skip to content

Data Protection

EU General Data Protection Regulation

Data protection means the protection of personal data. The objective of the EU General Data Protection Regulation (EU) 2016/679, which has been fully applicable as of 25 May 2018, is to improve the protection of personal data, increase the transparency of the processing of personal data for the data subjects, or clients, and give them more ways to manage the processing of their personal data. Another objective of the Data Protection Regulation is to answer questions about data protection brought on by digitalisation and globalisation. The Data Protection Act complements and clarifies the provisions of the Data Protection Regulation.

Data protection in the services of the City of Helsinki

When you are a customer of the services of the City or otherwise have dealings with the City, the City collects your personal data to the extent it is necessary in order to take care of the matter.

Personal data means such data by which a person can be identified. Such data is, for example, name, e-mail address, telephone number, positional information, personal identity code and patient data.

There is always a legal basis for the processing of personal data at the City of Helsinki. In the processing and archiving of personal data, the City also complies with data processing practice and national data security instructions and good practices. Personal data is processed with care and to its purpose. The personnel of the City is regularly trained for processing personal data. The processing of personal data is monitored and the use of systems that include personal data is tracked.

File descriptions

The City of Helsinki collects personal data to different registers according to the purposes of use. The personal data files have file descriptions from which you can see the purposes of the processing for each file and other useful information, such as the names of the data controller and the contact person for the filing system.

Your rights and their enforcement

As a data subject, you have rights related to your own personal data and the processing of them at the City of Helsinki. You have, among other things, the right to know whether your personal data are processed at the City and which data are processed and request access to the data about you. You also have the right to demand a rectification of inaccurate personal data. The rights are enforced in different manners depending on the reason for the processing.

A majority of the City's services are based on compliance with a legal obligation. In such cases, the City does not need a separate consent to process your personal data. However, part of the services are of the kind to which personal data are collected based on consent, in which case the City asks for your consent to process your data. You have the right to withdraw the consent that you have given at any time. To enable the production of the service, you have to provide the necessary personal details, otherwise the service cannot be produced.

The City of Helsinki's DPIA tools

The City of Helsinki has published its own data protection impact assessment (DPIA) tools. The objective of the publishing of them is to facilitate the cooperation connected to data protection between the City and its service producers.

Moreover, the City of Helsinki wants to further the realisation of integrated and default data protection outside the city borders as well by making the impact assessment tools available to everyone.

The impact assessment tools have been designed for the City of Helsinki's operations, which is why users outside the city must consider the applicability of the tools for their own operations.

Further information

You can turn to the City of Helsinki's Data Protection Officer if you want to know more about the processing of your personal data.

Data Protection Officer
City Executive Office
PO Box 1
00099 City of Helsinki

Information about data protection and the data subject's rights (pdf)

01.09.2020 12:10