You must tell the owner of the data how you will use the personal information you wish to obtain, how long you will store it, where to keep it, and when to delete it, and undertake that you will not use this data for any other purpose, and you must fulfill this commitment.
Personal data cannot be transferred abroad without the express consent of the person concerned.
The person responsible for the data shall take all necessary technical and administrative measures to prevent unlawful processing of personal data, to prevent unlawful access to personal data, to protect personal data, and to ensure the appropriate level of security for the purpose.
If the rules of the law are not followed, people may be fined or imprisoned.
In order for the Personal Data Protection Law to be fully implemented, some structures need to be advanced.
- Corporate Architecture
- Technological Approaches
- Legal Approaches
Corporate architecture is the business methodology that manages these systems, providing technological information about the systems used, creating the organization’s target, structure and functioning order. In order to accelerate the decision-making process of the organization, to create an environment in compliance with standards, to create a competitive advantage in short is the discipline that allows the organization to rearrange according to their needs.
Major corporate architecture frameworks;
- TOGAF / The Open Group
- Zachman Framework / Zachman International
- The Federal Enterprise Architecture Framework (FEAF) / Federal Government of the U.S
With GDPR, there are solutions that can be done in the field of data security (account and password auditing, security level monitoring, classification, classification, data protection, data leakage prevention) that the companies hold.
A long-term application text is prepared in order to ensure compliance with legal rules (legal definitions, obligations of data responsible, definition of rights of personal data owner etc.).