Personal data and GDPR - Hätäkeskuslaitos
Personal data and GDPR
Processing of personal data by the Emergency Response Centre Agency
The Emergency Response Centre Agency observes the core principles of the EU’s General Data Protection Regulation (GDPR). The GDPR is designed to increase the openness and transparency of personal data processing and to give data subjects more control over how their personal information is used.
Data held in the ERC information system
The Emergency Response Centre Agency has a statutory mandate to answer emergency calls, evaluate their urgency and forward any calls that require immediate action to rescue services, the police, social services or health authorities.
The Emergency Response Centre Agency has a special information system that ERC operators use to perform the aforementioned tasks. The ERC information system is used to handle approximately 3.8 calls every year.
The law stipulates that the ERC information system can only be used to store information directly related to the operation of emergency response centres. This includes the time and method of each emergency call, its content and the caller’s ID, address and other location information as well as a recording of the call.
Most of the personal data held in the ERC information system are entered by ERC operators. The information is collected directly from callers. The Police can add information relating to the personal safety of individuals and the occupational safety of the authorities, which is collected from the authorities themselves.
The units responding to an emergency may also require other information to be able to deal with the emergency. ERC operators are authorised by law to retrieve this kind of information from various information systems and to disclose it to the authority in charge of each operation. A note is made in the system of any information obtained in this manner.
According to the law, the data held in the system can only be used for the purpose of attending to the Emergency Response Centre Agency’s duties. This means that ERC operators can only use the information to handle emergency calls, alert the relevant authorities and provide support to them during operations.
The Emergency Response Centre Agency is only authorised to share this information with the police, health authorities, social services and rescue services as well as any units of the Finnish Border Guard that may be involved in responding to an emergency. The information is disclosed in order for the authorities to be able to help the person in need.