Metropolia Privacy Policy
All higher education institutions and educational institutions process a lot of personal data and this is also the case in Metropolia. The processing of personal data takes place all the time in teaching activities, RDI activities, as well as in projects and projects. There are certain legal obligations related to the processing of personal data to which Metropolia as a data controller has committed itself.
All processing of personal data complies with national and international legislation on data protection, such as the EU General Data Protection Regulation. In addition, Metropolia applies a common code of conduct for higher education institutions approved by the Office of the Data Protection Ombudsman.
Legislation on personal data
Please note that English translations from Finnish laws are not official, only Finnish and Swedish versions are legally binding. English translations might not be up to date with the established law in Finnish and Swedish.
EU’s General Data Protection Regulation or GDPR for short has been applied in all EU/EEA member states from 25.5.2018.
Finnish Data Protection Act has been applied from 1.1.2019 and it repealed Personal Data Act. Data Protection Act complements EU’s General Data Protection Regulation.
The Finnish Office of the Data Protection Ombudsman is enacted to be the highest authority overseeing data protection laws in the Data Protection Act. This includes the right to impose an administrative fine on breach of data protection laws described in the GDPR Article 83. The Office of the Data Protection Ombudsman has the right to impose an administrative fine to a data controller or data processor up to 20 000 000 euros or four per cent of the annual global revenue of the preceding financial year (applies only to enterprises), whichever of these is greater.
Data Protection Ombudsman Anu Talus or other officials in the Office of the Data Protection Ombudsman has the right to carry out inspection visits while carrying out their job, and to ask data controller to present a record on processing activities pursuant to Article 30 of the GDPR.
Act on the Protection of Privacy in Working Life. The act covers key labor privacy issues by creating procedures for working life needs.
Act on Electronic Communications Services regulates the confidentiality of electronic communications, direct marketing and privacy.
Act on Openness of Government Activities determines, for example, which personal data can be released from the Authority and to whom.
Act on Information Management in Public Administration regulates and determines from 1.1.2020, for example, common data security requirements for the use of information systems throughout Finnish Public Administration. Risk management requirements are tightened, change management is required to document, log requirements for certain systems enter into force and transition to electronic case management and archiving is enshrined in the Act.
Act on the Provision of Digital Services (doesn’t have an English translation). The Act implements the EU Accessibility Directive in Finland. The Act on the Provision of Digital Services, which entered into force in Finland on 1 April 2019, obliges that, for example, all websites of public sector bodies in Finland and mobile apps to be accessible for blind people and other people who need accessibility.