According to the European Union’s Charter of Rights, everyone has the right to the protection of their personal data*. FOI shall handle personal data correctly and sustainably in its operations.
The focus of FOI’s work with personal data
FOI values the protection of personal data as part of the freedoms and rights of the individual and attaches great importance to the correct processing of personal data in accordance with the provisions of the Data Protection Regulation. The agency’s uniform, continuous, systematic and transparent processing of personal data (data protection) contributes to a good information structure that creates trust in FOI’s activities and increases its credibility among its clients and the general public.
Respect for the importance of personal data for individuals must be reflected in all of the agency’s work involving personal data. This means that, among other things, FOI maintains the vigour of its work with personal data by working with the issues involved on an ongoing basis. All employees also have a responsibility to continuously assess the aspects of their own work that involve personal data. FOI therefore trains its personnel to be able to assume their responsibility in the processing of personal data in a satisfactory manner.
FOI only collects information that is necessary to fulfil its duties as an agency. Prior to every collection and processing of personal data, an assessment of the processing and its legality must be conducted. This is carried out in all activities and processes that involve the processing of personal data. The principles of built-in data protection and of data protection as standard are taken into account so that systems and processes, among other things, support the principle that as little personal data as possible, with due consideration of the purpose of the processing, is collected, and that the correct personal data is registered in the correct location. During processing, FOI shall take appropriate technical and organisational measures to ensure a level of security that is appropriate in relation to the risk to the rights and freedoms of individuals and to ensure the confidentiality, accuracy, availability and traceability of personal data. FOI retains personal data only for as long as is required to ensure the fulfilment of its obligations as an agency.
The data subject has the right to receive specific information about what personal data FOI is collecting about them, and to request rectification of inaccurate personal data, or restriction of processing. All documents, including personal data, submitted to FOI become public documents that may be disclosed by the agency according to the principle of public access to official documents.
*Article 8 in the European Union Charter of Fundamental Rights.