Compliance with the accountability principle

‘Accountability’ refers to the controller’s obligation to be able to demonstrate compliance with the laws governing the processing of personal data.

In order to satisfy the accountability requirement under data protection laws, the police has, among other things,

• adopted an information security and data protection policy that all members of the police’s staff and all those who process the police’s data must observe. The police’s information security and data protection policy sets out the police’s information security and data protection priorities. 
• drawn up privacy statements. For the sake of transparency, the statements are published on the Poliisi.fi website.
• trained the organisation’s staff in data protection matters.
• appointed a Data Protection Officer and set up a network of data protection experts.

The police follows the principles of continuous improvement in respect of data protection, information security and the rights of data subjects.

Data protection and information security objectives

The police’s primary objective when it comes to information security and data protection is to ensure continuity, reliability, security and people’s privacy. A secondary objective is to ensure the integrity and confidentiality of data in all circumstances as required by the law.

Reliability and regulatory compliance are at the core of all aspects of processing, at all stages of the life cycle of data and regardless of format.

Secure, systematic and careful data processing helps the police to meet its objectives and improve the standard of the organisation’s operations as well as to strengthen the public’s trust in the police.

The responsibility for information security and data protection is shared by all those who process the police’s data and use the organisation’s information systems.

Data protection and information security organisation

The controller is responsible for ensuring that the rules on the processing of personal data are followed across the entire police organisation. The controller’s other responsibilities include coordinating and protecting the rights of data subjects.

The police’s information security and data protection organisation is based on the following principles:

• The National Police Board is responsible for planning, improving, coordinating and overseeing information security and data protection across the organisation.
• The National Police Board’s Chief of Information Security manages, plans, develops and coordinates the police’s information security efforts.
• The National Police Board’s Data Protection Officer coordinates, develops and maintains data protection and the police’s data protection competence. The Data Protection Officer coordinates the police’s data protection procedures and monitors and oversees compliance with data protection regulations.
• Units responsible for the development of information systems plan, manage and improve the information security of the data and information systems used in their respective fields as well as the protection of personal data.
• Information system engineers and content developers as well as the police’s data protection and information security staff help those responsible to ensure and monitor compliance with the applicable information security and data protection requirements.
• Every member of the police’s staff is responsible for ensuring data protection and information security in respect of their own actions.

Data protection and information security procedures

The National Police Board has a special data protection team that supports the Data Protection Officer and the Chief of Information Security in their work.

The data protection team’s other key responsibilities include

• maintaining and overseeing the accuracy of data held in the police’s national information systems,
• monitoring, auditing and supporting the management of the police’s information security, cyber security and personal data protection,
• consulting on projects, development initiatives and purchases,
• assessing information security and data protection risks, and
• coordinating account privileges and log audits.

The data protection team provides advice and support to project teams and other stakeholders in respect of the police’s data protection and information security development initiatives. Information security and data protection in all of the police’s operations are ensured through teamwork.