The organisational reform that was started in 2017 continued in 2018. The reform process was analysed and additional reforms were made. The Cancer Society and its employees are jointly responsible for following the principles of data security. Organisation of the central office The CSF’s health promotion activities were divided between two teams: a youth health promotion team and a team for the Good Day project. Another reform targeted the Cancer Foundation’s communication function, which was merged with the fundraising department of the Foundation. Data management also underwent some changes. The IT team headed by the IT manager was transferred to the Finance and Administration Department. The team preparing the Cancer Registry’s database reform continues as part of the Registry functions. Steering groups Work in the steering groups continued based on the steering group reform of 2017. The primary tasks of the five steering groups are: Steering Group for Cancer Society of Finland General directions Extended Steering Group for Cancer Society of Finland Operational and financial planning and monitoring, broader issues concerning personnel policy Steering Group for Cancer Foundation Cancer Foundation’s communications and fundraising, investments, activities related to research funding and other funding Steering Group for Finnish Cancer Registry Cancer registration, register-based services and research Steering Group for Data Management (management team for data management as of 1 Sep 2018) Financially significant data management issues that concern more than one unit. Management of the Cancer Foundation The Cancer Foundation does not have a staff of its own, so the Cancer Society’s staff attend to the tasks of the Foundation. Sakari Karjalainen, MD, PhD, has been the Foundation’s secretary general. In 2018, a total of €375 000 was transferred to the Foundation for administration salary and social costs (€351 000 in 2017). Pension fund The Cancer Society is responsible for the pension liability of the former CSF pension fund, dissolved in 1981, and for a separate pension liability. There are 57 persons in the scope of this liability. Realising social responsibility The Cancer Society closely determines its relationship with the tobacco, alcohol, and pharmaceutical industries. We do not cooperate with those who receive funding from the tobacco or alcohol industry. In the CSF investment plan, companies in the industrial sector have been excluded from possible investment targets. Any collaboration with the pharmaceutical industry complies with the industry’s own ethical rules concerning cooperation with patient organisations. In line with CSF policy, we may cooperate with pharmaceutical companies but projects must then involve at least three pharmaceutical companies. The CSF is a smoke-free workplace. In all procurement and activities, we observe the principles of sustainable development. Offices The central office of the CSF is located in Helsinki at Unioninkatu 22, in premises owned by the property company Sponda. The office space covers 1 135 m2. The CSF management, financial, data and general administration, health department and communications unit, as well as the Cancer Foundation’s communications and fundraising department, the Finnish Cancer Registry and the Mass Screening Registry all operate from the central office. The spatial arrangement is safe in terms of occupational health and safety, and the use of space is convenient and efficient. Applying the Public Procurement Act Under the Public Procurement Act, the Cancer Society puts out to tender all activities that are funded by the Funding Centre for Social Welfare and Health Organisations. As a rule, all procurements and outsourced services for administration, data management, communications and fundraising are put out to tender at least as so-called mini procurements, where bids are requested from three different suppliers. Data management The Cancer Society’s data management deals with the data systems services and coordinates the organisation’s procurement and development projects related to data systems. The task of the IT team is to provide services for registration and mass screening activities and to support research activities. The IT team develops and maintains applications that support operational activities and the electronic cancer notification form. It is also responsible for the Cancer Registry’s data resources. A significant part of the data management services are targeted at support services for the Cancer Society. Some of the services also concern the Cancer Registry’s registration work and supporting research activity. The most significant CSF-led IT project in 2018 was the acquisition and deployment of the joint operational planning system (Järkkäri) for member associations. Altogether nine member associations adopted the system during the year. The server infrastructure of the CSF was also updated. The technical requirements have gradually increased as work has become increasingly based on information systems and as the technical expertise of the users has improved. The updated server environment now allows us to meet these needs. One of the key issues of the year was the EU’s General Data Protection Regulation, which entered into force in May. During autumn 2017, the data management made changes and corrections to the CSF’s technical environment and outsourced services based on the results of a data security test conducted by an external operator. This work will continue in 2019. Data protection and security The CSF is subject to the document processing, classification and data security requirements that apply to government authorities (Government Decree on Information Security in Central Government 681/2010, the so-called Decree on Information Security). All personal data were processed in accordance with the Personal Data Act (523/1999) insofar as it did not conflict with the General Data Protection Regulation (2016/679) applied as of 25 May. The CSF’s data protection officer, data security manager, a data security consultant and a data protection and security working group are jointly responsible for data protection and security at the CSF. We prepared for the GDPR by training CSF staff, describing the current state of internal processes, informing data subjects about their rights and the processing of their data on the CSF website, and by replacing descriptions of file with privacy statements. Data protection agreements were signed about outsourced personal data processing. We also introduced a secure email system for all staff members. The Cancer Registry filled in a description of the processing of personal data, and launched an impact assessment.