The General Data Protection Regulation (GDPR) of the EU primarily applies to all types of processing of personal data. It includes regulations on the rights of the data subject and the obligations of the controller and the processor of personal data. The GDPR is directly applicable legislation. However, the regulation leaves some opportunities for national exceptions and specifications that are stipulated by the proposed Data Protection Act.

 

The processing of personal data in criminal matters is excluded from the GDPR’s field of application. The objective of the Data Protection Directive for Police and Criminal Justice is to modernise regulations, facilitate the free mobility of data between the police and legal authorities of EU countries and to ensure the protection of personal data in the processing of criminal matters. The Act on the Processing of Personal Data in Criminal Matters, enforcing the directive, would be applied in, for example, preventing or investigating a crime, initiating a consideration of charges, engaging in legal action, processing a criminal matter in court, enforcing a sanction or preventing threats to public safety.

The bills were approved in accordance with the format of Parliament’s Administration Committee reports HaVM 13/2018 and HaVM 14/2018 (in Finnish).