Baltic Region ry complies with the requirements of the EU’s general data protection regulation (2016/679 EU) and related laws and other regulations. Baltic Region ry makes sure that everyone
is aware of the data protection obligations related to their own position.
Baltic Region ry respects and protects the fundamental right of everyone to privacy and data protection. This policy applies to the processing of all personal data for which the Baltic Region
is responsible, regardless of the place, means or other arrangements for their processing.
Baltic Region ry maintains the report required by law and regulations on the processing
operations for which it is responsible. More detailed information can be found in the privacy statement of the personal register.
Principles of personal data processing
The following requirements shall apply to the processing of personal data:
Legality, reasonableness and transparency
Limitation of storage
Integrity and confidentiality
The principles are implemented e.g. so that:
The processing of personal data has a legal basis for processing
Adequate information shall be provided to the persons whose data are processed
Treatment is limited according to the intended use the processing complies with data security regulations.
Those whose personal data are processed are given effective opportunities to exercise their
rights and their requests are responded to without delay.
The risks of the processing of personal data are assessed from the perspective of the data
subject, the risks are minimized, for example through pseudonymous, and an impact assessment
of the processing is carried out if the risks are high.
Only necessary personal data will be processed
Ensure the accuracy of the information
Data processing activities are documented
Data processing practices are regularly evaluated
The principle of privacy by design is respected
The Baltic Region Association must be able to demonstrate that the above-mentioned
principles of personal data processing are complied with.
In its role as an employer, the Baltic Region Association must ensure that every employee is
aware of the importance of the principles of personal data processing and adheres to them,
and takes care of more detailed conditions and protection of data belonging to special groups
of personal data (sensitive personal data).
The information may be used only by the persons who need it in the course of their work and
to the extent necessary for the performance of their duties. Data may only be disclosed with
the person’s own consent or in accordance with law.
A separate consent is requested from the data subject if the data is transferred outside the EU
and EA not to safe countries. The consent specifically mentions this data protection risk.
Strengthening data protection policy
The Baltic Region Association’s Data Protection Policy was confirmed at the Board meeting
on 15 October 2018.