GDPR - KVKK - PERSONAL DATA PROTECTION LAW NO. 6698
the law on the protection of personal data numbered 6698 and dated March 24, 2016 (KVKK) includes regulations on the protection of personal data. additionally, the Turkish penal code contains provisions related to the protection of personal data between articles 135 and 140.
WHO DOES IT COVER?
DATA CONTROLLERS
REGISTRATION OBLIGATION START DATE
GIVEN FOR REGISTRATION
DURATION
FOR REGISTRATION
LAST
HISTORY
Data controllers who are real persons or legal entities with an annual employee count of more than 50 or an annual financial balance sheet of more than 25 million TL.
01.10.2018
12 MONTHS
31.12.2019
Data controllers who are natural or legal persons resident abroad.
01.10.2018
12 MONTHS
31.12.2019
Real person and legal entity data controllers whose annual employee count is less than 50 and annual financial balance sheet is less than 25 million TL, but whose main activity is processing special categories of data.
01.01.2019
15 MONTHS
31.03.2020
Public institutions and organizations are data controllers.
01.04.2019
15 MONTHS
30.06.2020
PENAL AND ADMINISTRATIVE SANCTIONS
FINE
5,000 - 100,000 TL
The obligation to inform
contradiction
15,000 - 1,000,000 TL
Violation of obligations regarding data security.
25,000 - 1,000,000 TL
Failure to comply with board decisions
20,000 - 1,000,000 TL
Non-compliance with the obligation to register and notify the registry
PRISON SENTENCE
1 - 3 YEARS
Recording of personal data contrary to the law.
1.5 - 4.5 YEARS
Recording of special personal data contrary to the law.
2 - 4 YEARS
Giving/disseminating or obtaining data illegally.
1 - 2 YEARS
Failure to delete/destroy data in accordance with the Law.
WHAT DO WE DO?
APPOINTMENT OF DATA CONTROLLER BY REGISTERING IN VERBIS SYSTEM
MAKING RECORDINGS IN THE DATA CONTROLLERS REGISTRY
PREPARATION OF PERSONAL DATA INVENTORY
PREPARATION OF EXPLICIT CONSENT
AND ORGANIZATION OF DATA
REALIZATION OF AWARENESS TRAININGS
CREATING AND DOCUMENTING SYSTEM AND PHYSICAL SECURITY MEASURES
PREPARATION OF INFORMATION TEXTS AND POLICIES
CONDUCTING AUDITS
SITUATION
ANALYSIS
Kişisel veri envanterinin incelenmesi.
Kişisel veri ile ilgili süreçlerin incelenmesi.
Organizasyon yapısının incelenmesi.
Sözleşme envanterinin incelenmesi.
OF PROCESSES
MAKING IT APPROPRIATE
Harmonization of data processing processes.
Harmonization of data transfer processes.
Alignment of data destruction processes.
Updating contracts.
Establishment/alignment of application, complaint and objection processes.
DATA
SECURITY
Mantıksal güvenlik.
Fiziksel güvenlik.
Risk yönetimi.
Değişiklik yönetimi.
ORGANIZATION
HARMONY
Election of the data controller and its representative.
Registration procedures in the data controllers registry.
Creation of data responsibility job descriptions.
Establishing a personal data management process.
Data controller training.
Harmonizing internal control and audit processes.
Ensuring corporate awareness.
As KALİTE TÜRK Consulting, our company provides all kinds of support required in the process of establishing the PERSONAL DATA PROTECTION LAW (KVKK) REQUIREMENTS in your business, successfully passing the audits and gaining the PERSONAL DATA PROTECTION LAW (KVKK) APPROVAL in your business with the knowledge, experience and know-how gained over the years .