Data processing and data protection in the Tax Administration Incomes Register Unit

Processing of personal data in the Incomes Register Unit

The Incomes Register Unit maintains the Incomes Information System and is responsible for the functioning and information security of the Incomes Information System together with the Tax Administration.

The Incomes Information System comprises the Incomes Register, which contains information submitted to meet the statutory reporting and disclosure obligation and information disclosed in compliance with the data access right, as well as a register containing identifying and contact information used for data verification and validation purposes.

The Incomes Information System is used to receive and store data reported by employers and other parties referred to in the Act and forward the data to authorities and other parties entitled to such data in order to fulfil the payers’ statutory reporting and disclosure obligation as well as to implement data access rights.

The Incomes Register Unit obtains the income data saved in the Incomes Register from employers and other payers, and the identifying and contact information that is used for data verification and validation purposes from the Population Information System and Business Information System.

The Incomes Register Unit is a controller as referred to in the European Union’s General Data Protection Regulation (EU 679/2016).

The Data Protection Officer of the Tax Administration is Lead Expert Helena Hynynen, and the deputy is Senior Specialist Taito von Konow.

Incomes Information System and personal data processing

Record of personal data processing in the Tax Administration Incomes Register Unit

Description of information system: Incomes Information System

Confidentiality and public disclosure of data

Income and other payments recorded in the Incomes Register, and data on the income recipient and payer, are confidential. Data may only be disclosed for purposes laid down in law.

Recipients of personal data

 Personal data is only disclosed from the Incomes Information System to the data users laid down in law. The intended uses and data access rights are provided for in law.

Data security principles

As a government authority, the Tax Administration is obliged to comply with good data processing practices, an increased level of information security as provided in the Government Decree on information security in central government and, as a controller, the protection measures specified in Article 32 of the General Data Protection Regulation. The security of the Tax Administration's information systems is audited.

The data is protected against unauthorised viewing, modification and destruction. Such protection is based on access control, personal user identifiers and restriction of user rights.

The viewing and modification of data are restricted in accordance with staff duties, and any viewing and modification is logged.

The accuracy of the data is ensured through automated and manual computerised controls at different stages of data processing.

Backup copying and physical security procedures ensure the conservation of data. Data on paper, related to the register, is protected through access control and locked archives.

Access to one’s personal data

As the party concerned, everyone has the right to obtain information on documents concerning themselves.

Under the General Data Protection Regulation, everyone has the right to know what personal data concerning them is processed by the controller. The person has the right to access such data.

Income earners and payers have the right to view data saved about themselves in the Incomes Information System via the e-service. Payers also have the right to view the data they have reported that is saved in the Incomes Register.

Income earners can request an extract from the Income Register Unit on payments made to them.

Correcting data

Payers are responsible for the accuracy of the data they have reported to the Incomes Register, and for correcting any errors in the data without undue delay.

If an income earner requests that data reported by a payer be corrected, the correction request must be submitted to the payer.

If technical errors are detected in the data, the Incomes Register Unit can request the payer to check the accuracy of the data it has reported to the Incomes Register.

Income earners and payers can submit and correct the contact information they have provided to the Incomes Information System via the e-service.