Finland EPP

Sari Essayah

Country: Finland
Group: European People's Party (EPP)
Party: Suomen kristillisdemokraatit (KD)

Member of Employment and Social Affairs
Substitute of Economic and Monetary Affairs

Overview Sari Essayah

Amendments: 20
...stronger: 0
...weaker: 12
...neutral: 8

Amendments by Sari Essayah

3a. Articles 7(4), 15(1)(e), 17, 18, 22(c) and (e), 33, 35, 36, 37 and 79(4), (5), (6) and (7) of this Regulation shall not be applicable to the processing of personal data carried out by public authorities.
 
5. The Commission shall be empowered to adopt delegated acts in accordance with Article 86 for the purpose of further specifying the conditions referred to in point (f) of paragraph 1 for various sectors and data processing situations, including as regards the processing of personal data related to a child.
 
4. Consent shall not provide a legal basis for the processing, where there is a significant imbalance between the position of the data subject and the controller. This does not apply to public authorities or employer's opportunities to process personal data on the basis of the consent of the citizen or the employee.
 
(da) the data are processed for historical, statistical or scientific research purposes subject to the conditions and safeguards referred to in Article 83 and the provision of such information proves impossible or would involve a disproportionate effort.
 
1. The data subject shall have the right to obtain from the controller the erasure of personal data relating to them and the abstention from further dissemination of such data, unless the data controller is a public authority or an entity commissioned by the authority or otherwise acting on the behalf of an authority for the performance of the commission. The data subject shall have the right especially in relation to personal data which are made available by the data subject while he or she was a child, where one of the following grounds applies:
 
1. The data subject shall , unless it would require a disproportionate effort by the data controller, have the right, where personal data are processed by electronic means and in a structured and commonly used format, to obtain from the controller a copy of data undergoing processing in an electronic and structured format which is commonly used and allows for further use by the data subject..
 
3a. Paragraphs 2 and 3 shall not be applicable to the public sector.
 
4. The Commission shall be empowered to adopt delegated acts in accordance with Article 86 for the purpose of specifying any further criteria and requirements for appropriate measures referred to in paragraph 1 other than those already referred to in paragraph 2, the conditions for the verification and auditing mechanisms referred to in paragraph 3 and as regards the criteria for proportionality under paragraph 3, and considering specific measures for micro, small and medium-sized-enterprises.
 
4. The Commission may lay down technical standards for the requirements laid down in paragraph 1 and 2. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 87(2).
 
(b) an enterprise or an organisation employing fewer than 250 persons that is processing personal data only as an activity ancillary to its main activities.
 
6. The Commission shall be empowered to adopt delegated acts in accordance with Article 86 for the purpose of further specifying the criteria and conditions for the processing operations likely to present specific risks referred to in paragraphs 1 and 2 and the requirements for the assessment referred to in paragraph 3, including conditions for scalability, verification and auditability. In doing so, the Commission shall consider specific measures for micro, small and medium- sized enterprises.
 
7. The Commission may specify standards and procedures for carrying out and verifying and auditing the assessment referred to in paragraph 3. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 87(2).
 
3. Where the controller or the processor is a public authority or body, the data protection officer may be designated for several of its entities, taking account of the organisational structure of the public authority or body. Several public authorities or bodies may also, taking account of the organisation structure of the public authorities or bodies, jointly designate a data protection officer.
 
11. The Commission shall be empowered to adopt delegated acts in accordance with Article 86 for the purpose of further specifying the criteria and requirements for the core activities of the controller or the processor referred to in point (c) of paragraph 1 and the criteria for the professional qualities of the data protection officer referred to in paragraph 5.
 
(b) an enterprise or an organisation employing fewer than 250 persons is processing personal data only as an activity ancillary to its main activities.
 
(ba) a public authority is processing data.
 
7a. Article 79(4) to (7) shall not apply to public authorities. The supervisory authority shall not possess authority to define and impose fines on public authorities.
 
3. The Commission shall be empowered to adopt delegated acts in accordance with Article 86 for the purpose of further specifying other reasons of public interest in the area of public health as referred to in point (b) of paragraph 1, as well as criteria and requirements for the safeguards for the processing of personal data for the purposes referred to in paragraph 1..
 
3. The Commission shall be empowered to adopt delegated acts in accordance with Article 86 for the purpose of further specifying the criteria and requirements for the safeguards for the processing of personal data for the purposes referred to in paragraph 1.
 
1a. A person may give consent that sensitive data concerning that person may be used for non-specified historical, statistical or scientific research purposes without the person receiving information about each specific research project.