In their research, researchers often process personal data as well. Personal data include all data related to identifiable natural persons (data subjects).
Everyone has the right to privacy and the protection of their personal data. As a controller and processor of personal data, the University of Helsinki is committed to safeguarding the rights and freedoms of individuals when processing their personal data.
The purpose of data protection is to secure data subjects’ rights and freedoms in the processing of their personal data. Legislation sets out the provisions for when and under what conditions personal data can be processed.
The implementation of data protection safeguards people’s privacy and trust, as well as protects personal data from unauthorised processing.
The rector decided on the data protection principles of the University of Helsinki (Flamma, requires login) on 13 April 2022. These principles of data protection define the principles, responsibilities and courses of action in accordance to which personal data are processed at the University.
For the purposes of protecting data, there are other guidelines in force at the University, which together with these principles constitute a single entity.
The principles of data protection are aimed at ensuring that the University complies with the obligations set by the General Data Protection Regulation of the EU (2016/679), national legislation and other legislation pertaining to the processing of personal data, as well as that compliance can be demonstrated through documentation.
The processing of personal data for the purposes of scholarly research must comply with the data protection principles of the University of Helsinki. In addition, the scholarly goals of individual research projects are taken into consideration.
When personal data are processed in research projects carried out at the University, the appropriate processing and protection of personal data are ensured. Researchers comply with the University’s guidelines on data protection (Flamma), and each researcher processing personal data is responsible for their appropriate processing. The University provides its employees with support services and data protection training to enable the processing of personal data in compliance with the requirements of data protection legislation, the University’s data protection principles and the ethical conduct of research in general.
Before commencing the processing of personal data, researchers must complete
The required ethics review must be carried out before the collection of personal data commences.
Necessary agreements pertaining to the processing of personal data must be concluded with partners or subcontractors.
Researchers inform study subjects in a transparent manner of the following:
For the purposes of informing study subjects, researchers draw up a data protection notice to be distributed to the subjects.
When conducting research, researchers actively and systematically manage data protection and information security. Data must be processed for lawful purposes and only to the extent necessary for carrying out the research.
In publications and when making their research datasets available to the academic community, researchers must take into consideration the principles of data protection. Unnecessary material containing personal data must be destroyed. Data must be pseudonymised or anonymised if the research can be carried out using such data.
Principal investigators of research projects are responsible for ensuring that the projects comply with data protection legislation and the data protection principles of the University of Helsinki.
Principal investigators are responsible for ensuring that researchers are trained in the practices of processing personal data before the processing commences. Principal investigators specify the responsibilities and duties of processing personal data included in research materials based on the roles of the staff (coordinator, contact person or processor).
Further details on the duties of the data protection officer are provided by the office of the Data Protection Ombudsman.
Questions for the data protection officer of the University of Helsinki can be submitted via email at firstname.lastname@example.org.