Previous system solutions and experience enabled all staff to shift to teleworking and continue working smoothly despite the Covid-19 pandemic. Management group and management teams The work of the management team was reformed so that there is only one group-level management team, with the management teams of the Cancer Registry, the Cancer Foundation and the CSF beneath it. All those in leadership positions are regularly invited together for educational, strategic and operational planning meetings. Organisation chart of the CSF central office from 1.9.2018 Management of the Cancer Foundation The Cancer Foundation has no staff of its own, and the staff of the CSF are responsible for the foundation’s tasks. Sakari Karjalainen, MD, PhD, has been the Secretary General of the foundation. The foundation received €580,000 (€576,000 in 2019) for administrative salaries and social costs. Pension fund The CSF is responsible for the pension liability of the former CSF pension fund, dissolved in 1981, and for a separate pension liability. There are 56 persons in the scope of this liability. There are 56 persons covered. Fulfilling social responsibility The Finnish Cancer Society defines its relations with the tobacco, alcohol and pharmaceutical industries in precise terms. The association does not cooperate with any parties that receive funding from the tobacco or alcohol industry. Companies in this industry are excluded from the investment plan approved by the board. The pharmaceutical industry is dealt with in accordance with the pharmaceutical industry’s own ethical rules on cooperation with patient organisations. In line with its own policy, the CSF may cooperate with pharmaceutical companies, but in such cases projects must involve at least three pharmaceutical companies. The principles of sustainable development are taken into account in procurement and in our own activities. The Finnish Cancer Society is a smoke-free workplace. Offices The central office of the CSF is located in Helsinki at Unioninkatu 22, in premises owned by the property company Sponda. The office space covers 1 215 m2. The CSF management, financial, data and general administration, health department and communications unit, as well as the Cancer Foundation’s communications and fundraising department, the Finnish Cancer Registry and the Mass Screening Registry all operate from the central office. The spatial arrangement is safe in terms of occupational health and safety, and the use of space is convenient and efficient. The modern business premises can be easily adapted to the needs of the various units. During the year, development work was launched as part of the HR programme project. The project’s results will be available in 2021 and will explore new ways of working, including teleworking, time management, creativity, digitalisation and communality. Applying the Public Procurement Act All STEA-funded activities are put out to tender in line with the Public Procurement Act. As a general rule, all administrative, IT, communication and fundraising procurement and purchasing services are put out to tender at least in the form of mini-tenders, with three different suppliers being invited to tender on the basis of defined criteria. Data management The CSF’s IT department is responsible for the organisation’s IT services and coordinates the its IT-related procurement and development projects. The task of the IT team of the Cancer Registry is to provide services for the registration and mass screening activities of the Cancer Registry and to support research activities. The IT team develops and maintains applications to support operational activities, the electronic cancer registration form and is responsible for the Cancer Registry’s data repositories. A significant part of the IT services is dedicated to support services for the CSF’s operations. IT services are also provided for the registration activities of the Cancer Registry and to support research activities. The strategic policy of the IT department is to use external outsourcing services to support its own organisation where necessary, so that challenging technical projects can be implemented cost-effectively and professionally. All staff shifted to teleworking in March. Previous system solutions and experience allowed for a smooth transition to teleworking. Despite the pandemic, it was possible to implement the upgrades as part of the development of information security. Processes were developed to better serve teleworkers, for instance in terms of equipment. In early 2020, the development of the internal network continued, and this could be continued for the rest of the year. Security scans were carried out and will continue to be semi-automated in 2021, and work started on the changes and challenges in working practices and systems brought about by Findata and the Act on the Secondary Use of Health and Social Data. Järkkäri, the common enterprise resource planning (ERP) system for member associations, was launched in 2018 and is being continuously developed. In 2020, Järkkäri was upgraded and a new Unified Client Interface was introduced. The year also saw the development of a client relationship management system for the CSF, as well as the development of common statistical practices for the organisation. The system users were trained and the new statistical practices will be implemented from the beginning of 2021. The development of statistics was carried out together with the member associations under the leadership of the Executive Director of the Cancer Society of Saimaa. Data protection and security The CSF is subject to the requirements on the processing of documents and data security of state administration authorities (Act on Information Management in Public Administration (906/2019)). Personal data are processed in accordance with the General Data Protection Regulation (679/2016) and the Data Protection Act (1050/2018). The CSF and its employees are jointly responsible for working safely in terms of data protection and security. At the CSF, data protection and security are handled by the data protection officer, the data security manager, a person consulting technical data security and a data security group dealing with data protection and data security issues. The data protection officer and the data security manager trained 19 new employees in data protection and information security. A commonly agreed, general policy on data storage locations has been established and the services have drawn up their own guidelines based on the specificities of their activities. Data protection impact assessments were launched in the autumn, using similar impact and risk assessment tools. The obligations of the General Data Protection Regulation have also been implemented by continuing to inform data subjects about their rights and the processing of their personal data in personal files. Data protection agreements were concluded for personal data processing activities outsourced to subcontractors. The third decision of the Cancer Registry was published. Reviews to improve the archiving of documents had to be suspended in the spring due to the epidemic situation. Member associations were advised on data protection issues.