0850 800 1483
Personal data includes data regarding people's race, ethnic origin, political thought, philosophical belief, religion, sect or other beliefs, appearance and dress, association, foundation or union membership, health, sexual life, criminal conviction and security measures, as well as biometric and genetic information. data.
Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying or using personal data by fully or partially automatic or non-automatic means provided that it is part of any data recording system. It is any operation performed on data, such as blocking.
The purpose of the Personal Data Protection Law No. 6698 is to protect the fundamental rights and freedoms of individuals, especially the privacy of private life, in the processing of personal data and to regulate the obligations of real and legal persons processing personal data and the procedures and principles to be followed.
Law; It will also include data sent to an institution or organization, in addition to data stored in cloud environments or software.
Some articles included in the Personal Data Protection Law;
If the rules in the law are not followed, people may face fines or imprisonment. Violating personal data will result in a prison sentence of 1-3 years, obtaining data through violation will result in a prison sentence of up to 2-4 years, and an administrative fine of 5,000-1,000,000₺ will be imposed depending on the items not fulfilled.
Click on the link to access the original text of the Personal Data Protection Law: http://www.mevzuat.gov.tr/MevzuatMetin/1.5.6698.pdf
In order for the Personal Data Protection Law to be fully implemented, some structures need to be improved.
Corporate architecture is the business methodology that manages these systems by creating the target, structure and operating order of the institution and providing technological information about the systems used. It is the discipline that enables the institution to accelerate its decision-making process, create an environment in accordance with standards, create a competitive advantage, in short, reorganize the institution according to its own needs.
Major enterprise architecture framework;
With KVKK, there are solutions that can be provided in the field of security of the data that companies hold on their customers (such as account and password control, security level monitoring, classification, sorting, data protection, preventing data leaks).
A long-term implementation text is prepared to ensure compliance with legal rules (legal definitions, obligations of data controllers, definition of rights of personal data owners, etc.) in the institution.
One of the biggest problems that arise with the introduction of KVKK is the field of consent, and especially for marketing. In accordance with KVKK, consent must be freely given and explicit. Current legislation allows approval with an "opt-out" checkbox. However, the new regulation requires approval through an "elected"; therefore, the data subject ticks a box to agree to receive marketing materials. For this reason, organizations should review their databases for appropriate approval. One of the problems with reapproval is the response rate to these requests, which may have been historically low. Failure to respond to such requests means that consent has not been obtained and you cannot reach them again. In practice, many organizations see the new regulation as an opportunity to “clean up” their marketing databases and ensure that they target those who are genuinely interested in getting their marketing information.
You may think that the data is deleted when you press the delete key on your computer. However, erasing digital data is not easy. However, you can create a data deletion policy together with your IT department or outsourced IT service provider, ensuring that the data to be deleted is kept in an archive with strict access restrictions, so that the archived data is considered "dead data" because direct access is not possible.
Yes, camera footage of data subjects is personal data under current and new regulations. If the data request is received and your organization still holds images of the data subject, you must provide them to the requesting party. In practice, camera recordings are kept for a short time, normally 30 days; therefore, if the request is made after this time, you are not obligated to provide it.