Rights of the data subject

Rights of the data subject

The operation of Kanta Services takes account of the rights of the data subject both under the EU General Data Protection Regulation and national legislation.

The aim of the EU General Data Protection Regulation (GDPR) (eur-lex.europa.eu) is to improve the protection of personal data and data protection rights.

Rights under the EU General Data Protection Regulation

GDPR guarantees various rights of the data subject, i.e. the person whose data is being processed. These include

  • access to your own information
  • right to demand amendment of incorrect information
  • right to be forgotten
  • right to have the information deleted.

Further information on GDPR on the Office of the Data Protection Ombudsman website (tietosuoja.fi, in Finnish)

National legislation also guides data processing

In some areas and to some extent, the national legislation of an EU member state may override the stipulations of the EU General Data Protection Regulation. As an example, processing of personal data by the authorities is primarily based on the national regulations of the state of Finland. 

The operation of Kanta Services is also based on special national legislation. Not all the rights of the data subject cited in the EU General Data Protection Regulation are directly applicable to the information entered in Kanta Services. 

Obligations of Kanta Services and social and healthcare service providers

Maintaining the national social and healthcare information system services or Kanta Services is the statutory function of Kela. 

The statutory obligations of service providers and Kanta Services are:

  • In addition to their own patient records databases, healthcare service providers enter their clients' medical records into Patient Data Repository in Kanta Services.
  • Social and healthcare service providers and pharmacies enter information concerning prescriptions into Prescription Centre in Kanta Services. 
  • Details of information given to the patient, their consents and refusals of disclosure are entered in Data Management Service in Patient Data Repository. Data Management Service also contains any statement of wishes given by the patient, such as their living will and wishes regarding organ donation.

Read more

Last updated 23.10.2020