Code of conduct

The FinnGen study is a 10-year project whose goals and operational principles are based on a cooperation agreement. The partners include Finnish biobanks (and their host organizations) and pharmaceutical companies. The research project is committed to communicating about the study and its progress as openly as possible.
A woman wearing a yellow coat standing on the deck of a boat, looking at the sea
We are committed to open communication

Legal points of view

The implementation of the research project is based on the cooperation agreement between the parties and the approved research plan. The Coordinating Ethics Committee of the Helsinki and Uusimaa Hospital District has evaluated the project. FinnGen research project is based on samples from Finnish biobanks and data from national health registers. The study applies the permissions to utilise the register data for research purposes from national authorities. The research project complies with existing legislation (in particular the Biobank Law and the Personal Data Act) and will conform to any new laws. The EU Data Protection Regulation that came into force in May 2018 has been taken into account when planning the project.

Data controller

University of Helsinki is responsible for the FinnGen research project and the official data controller of the study. Each sample is coded so that individuals can not be identified when biobank samples are used for FinnGen research. Direct identification of persons (eg name or personal identity number) has been replaced by a research code (eg FGid458793x). It is therefore not possible for researchers to identify individuals from large research material.

Data security

A key feature of the project is that an individual’s data will not be released. Instead, de-identified data is analysed within a secure, monitored environment. In FinnGen (as in all biobank projects), the participants' data are processed in a secure environment with controlled access rights. The FinnGen study has a designated data security and data protection officers who supervise these processes. We have also asked external parties to evaluate the data privacy and security of the project. The risk of data misuse is very small.