GDPR Consulting2022-01-17T13:47:42+03:00

What is Personal Data?

Personal data include race, ethnic origin, political thought, philosophical belief, religion, sect or other beliefs, clothing, association, foundation or union membership, health, sexual life, criminal conviction and safety data and biometric and genetic information.

What is Processing of Data?

Obtaining, storing, modifying, rearranging, disclosing, transferring, taking over, making available, classifying or preventing the use of personal data.

Some of the provisions of the Personal Data Protection Act;

Ağ/Sistem Sağlık Taraması

You must tell the owner of the data how you will use the personal information you wish to obtain, how long you will store it, where to keep it, and when to delete it, and undertake that you will not use this data for any other purpose, and you must fulfill this commitment.

Personal data cannot be transferred abroad without the express consent of the person concerned.

The person responsible for the data shall take all necessary technical and administrative measures to prevent unlawful processing of personal data, to prevent unlawful access to personal data, to protect personal data, and to ensure the appropriate level of security for the purpose.

If the rules of the law are not followed, people may be fined or imprisoned.

In order for the Personal Data Protection Law to be fully implemented, some structures need to be advanced.

  • Corporate Architecture
  • Technological Approaches
  • Legal Approaches

Corporate Architecture

Corporate architecture is the business methodology that manages these systems, providing technological information about the systems used, creating the organization’s target, structure and functioning order. In order to accelerate the decision-making process of the organization, to create an environment in compliance with standards, to create a competitive advantage in short is the discipline that allows the organization to rearrange according to their needs.

Major corporate architecture frameworks;

  • TOGAF / The Open Group
  • Zachman Framework / Zachman International
  • The Federal Enterprise Architecture Framework (FEAF) / Federal Government of the U.S

Technological Approaches

With GDPR, there are solutions that can be done in the field of data security (account and password auditing, security level monitoring, classification, classification, data protection, data leakage prevention) that the companies hold.

Legal Approaches

A long-term application text is prepared in order to ensure compliance with legal rules (legal definitions, obligations of data responsible, definition of rights of personal data owner etc.).

Did You Like The Service? Let Us Call You!

Frequently Asked Questions About GDPR Consulting

We have collected personal data about our marketing databases for several years. What is the effect of GDPR on this situation?2020-03-07T14:57:13+03:00

One of the biggest problems that arise with the introduction of GDPR is consent and, in particular, the area of consent for marketing. Approval according to the GDPR must be freely given and clear.

Current legislation allows for approval with a “renounce” checkbox. However, the new regulation requires approval through a “selection”. Therefore, the data owner checks a box to agree to receive marketing materials. Organizations should review their databases for appropriate approval.

One of the problems with re-approval is the response rate to these requests, which may be historically low. Failure to respond to such requests means that consent has not been received and you will not be able to contact them again.

In practice, many organizations see the new regulation as an opportunity to “clean up” marketing databases and to ensure that the databases are targeted to those who are really interested in getting marketing information.

How Can We Completely Delete the Data?2020-03-07T14:56:49+03:00

You might think that the data is deleted when you press the delete key on your computer. However, erasing digital data is not easy.

However, you can establish a data deletion policy with your IT department or your outsourced IT service provider, ensuring that the data to be deleted is kept in an archive with strict access restrictions, so that archived data cannot be directly accessed, so that it is considered dead data.

We Have a Continuous Camera System. Are these images considered personal data? Should I Make a Copy of the Image Upon a Request for These Images?2020-03-07T14:56:32+03:00

Yes, the camera images of the data owners are personal data under existing and new regulations.

If the data request is received and your organization still holds images of the data owner, you must provide them to the requesting party.

In practice, camera recordings are kept for a short time, normally 30 days; therefore, if the request is made after this time, you do not have to provide it.

Go to Top