Finnish Transparency Register users must pay attention to data protection when documenting their lobbying activities

News

Under the Transparency Register Act, actors subject to the disclosure obligation must keep details of their lobbying activities in their systems. It is important to take care of data protection as regards the information stored in the systems. The NAOF and the Office of the Data Protection Ombudsman provide answers to frequently asked questions about data protection in connection with the Finnish Transparency Register.

We must keep our own internal register so that we can report on our lobbying activities to the Finnish Transparency Register. Where can we get instructions on personal data processing and data protection in connection with the Register?

Instructions on personal data processing and data protection are provided by the Office of the Data Protection Ombudsman. Comprehensive information on the processing of personal data is available on the website of the Office of the Data Protection Ombudsman at tietosuoja.fi.

Should an actor subject to the disclosure obligation prepare documents describing the processing of personal data?

An actor subject to the disclosure obligation should include a description of the processing of personal data for the Finnish Transparency Register in its record of processing activities. The record of processing activities is a written description of the processing of personal data by the organisation. It is intended for internal use of the organisation.

What is the basis for processing personal data in connection with the Finnish Transparency Register?

When disclosing personal data to the Finnish Transparency Register, disclosers act in accordance with a statutory obligation. In such cases, it is not necessary to request separate consent for personal data processing from the lobbying target or the lobbyist.

For example, can a lobbyist or a lobbying target object to the processing of their personal data in connection with the Finnish Transparency Register?

As a rule, when personal data is processed on the basis of a statutory obligation, a person's right to object to the processing does not apply.

What should be taken into account when lobbying targets are informed about the processing of their personal data for the Finnish Transparency Register?

This depends on how the personal data have been obtained. For more information, see Articles 13 and 14 of the General Data Protection Regulation.

How does the NAOF manage its GDPR obligations concerning the list of lobbying targets kept in the Finnish Transparency Register (decision-makers and public officials)?

The NAOF acts in compliance with the procedure specified in Article 14 of the General Data Protection Regulation. The NAOF is only responsible for its own activities.