The Kanta Services comply with the EU’s General Data Protection Regulation and the data protection legislation in order to implement the data protection and information security of personal data. The Kanta Services and the related systems are certified in accordance with THL’s regulation and the Client Data Act. Kela and all organisations using the Kanta Services implement self-monitoring by drawing up an information security plan. They also monitor the implementation of the plan and keeping it up-to-date.
The task of the Kanta Services is being responsible for the
- protection of the data entered in Kanta.
In the Kanta Services, personal data is processed to the extent that is necessary in order to settle a fault or error situation, in the processing of data requests and in maintenance tasks assigned to Kela.
Healthcare and social welfare service providers, pharmacies and independent prescribers are responsible for the accuracy of the data they record and for the appropriate handling of the data.
Data Protection Officers monitor the implementation of data protection
The Kanta Services, healthcare and social welfare service providers and pharmacies have an appointed Data Protection Officer with a task of guiding and monitoring the implementation of data protection in their own organisation. Clients can ask the Data Protection Officer for advice or action in matters related to their rights.
Monitoring of data processing
Service providers monitor the processing of client and patient data with the aid of log data. Log data is stored of all processing of client and patient data via the Kanta Services. With log data, it is possible to find out who has processed the data and why.
You can monitor the use of your own data
You have the option of monitoring the use and sharing of your own data. You can see in My Kanta Pages which healthcare and social welfare service providers or pharmacies have processed your data. You can also request the controller for information about who has handled and viewed data that concerns you. The viewing of data requires a care or client relationship and consent to data sharing.