What are the relevant regulations?
The Personal Data Act and the General Data Protection Regulation constitute the statutory foundation for activities taking place in the sandbox.
Other data protection regulations over which the Data Protection Authority has supervisory authority and on which the Authority can advise in the regulatory sandbox include the Police Databases Act, the Personal Health Data Filing System Act, the Health Research Act, the Health Records Act and regulations pursuant to the Working Environment Act concerning video monitoring and access to e-mails.
Read more on our page on laws and regulations
When necessary, the Data Protection Authority can work with other authorities to provide recommendations on adjoining regulations. For example, public enterprises must comply with requirements laid down in the Archives Act, Public Administration Act, and the Freedom of Information Act — to name a few.
The sandbox cannot grant exemptions from regulations. The Data Protection Authority has no intention of initiating corrective measures during an organization’s participation in the sandbox. The focus will be on helping participants comply with existing regulations.