Privacy protection means protecting your personal information against unauthorized use that can harm you. In practice, privacy protection mainly concerns the data security of registers of persons.
According to Finnish law, personal information is information concerning a person, their characteristics or their living conditions, making it is possible to identify the person in question or their family. Such information may include, for example, name, address, e-mail address, personal identity number and, at the university, registered information concerning the courses the student has completed.
The law states that personal information must be kept secret from unauthorized persons. The information must be verified, and it may not be destroyed or handled inappropriately. Important personalinformation must be available when necessary.
On the UH privacy protection pages you will find information about electronic surveillance at UH campuses and documents containing your personal information.
Legislation on personal information
The legislation on privacy protection gives you some important rights concerning your information in different registers, their registration, handling and use. The following rights have been enacted for the information registered:
- The right to information: it is the controller’s (the entity registering the data) duty to inform you about how your data will be handled when it is gathered, because the handling must be transparent.
- Right of access: you have the right to access the register to examine what data it contains on you. In this way, you can also make sure that the data about you is correct.
- The rights to rectification: you have the right to demand that the controller rectify any faulty data about you in the register.
- The right to prohibit processing: you have the right to prohibit the controller from using your data for certain purposes, such as direct marketing.
As your data of birth, your e-mail address is also personal data. This means that no one may send marketing messages or similar without previous permission.
If you have any questions about how your personal data is being processed, contact the controller of the register first. The controller must draw up a description of the person register, including the controller’s contact information, the purpose of the register, and to whom the information may be surrendered. This description must be available to everyone.
The person registers at UH include the study register, the register over accepted students, the register for completed theses, completed exams and course register, as well as online discussions. Because of the personal-data act, there is a register description for the Student’s digital skills, too.
If you cannot clear an issue with the controller, you can contact the data protection ombudsman‘s office. If you think a person register is being processed in a way that is against the law, you can ask the police to investigate it.
General Data Protection Regulation (GDPR)
All Member States of the European Union are bound by the General Data Protection Regulation, which entered into force on 25 May 2018, aimed at improving the protection of individuals’ personal data. Among other things, it defines
- the minimum requirements for the management of data
- the obligation of businesses and communities to be transparent about what data about individuals is being processed and how, and
- the rights of data subjects concerning the processing of their personal data.
In practical terms, all EU citizens have the right to check the data stored on them, know how the data is collected, and know how and by whom the data is being processed. In addition, the regulation guarantees for citizens the right to have any incorrect data rectified as well as the right to have their data erased from registers.
In addition, the General Data Protection Regulation applies to bodies or services that store EU citizens’ personal data outside the EU.
The General Data Protection Regulation obligates data controllers (usually corporations and communities) to operate transparently in such a way that the above rights are fulfilled.