top of page

GDPR - KVKK - PERSONAL DATA PROTECTION LAW NO. 6698

PERSONAL DATA PROTECTION LAW

the law on the protection of personal data numbered 6698 and dated March 24, 2016 (KVKK) includes regulations on the protection of personal data. additionally, the Turkish penal code contains provisions related to the protection of personal data between articles 135 and 140.

WHO DOES IT COVER?

DATA CONTROLLERS

REGISTRATION OBLIGATION START DATE

GIVEN FOR REGISTRATION

DURATION

FOR REGISTRATION

LAST

HISTORY

Data controllers who are real persons or legal entities with an annual employee count of more than 50 or an annual financial balance sheet of more than 25 million TL.

01.10.2018

12 MONTHS

31.12.2019

Data controllers who are natural or legal persons resident abroad.

01.10.2018

12 MONTHS

31.12.2019

Real person and legal entity data controllers whose annual employee count is less than 50 and annual financial balance sheet is less than 25 million TL, but whose main activity is processing special categories of data.

01.01.2019

15 MONTHS

31.03.2020

Public institutions and organizations are data controllers.

01.04.2019

15 MONTHS

30.06.2020

PENAL AND ADMINISTRATIVE SANCTIONS

FINE

5,000 - 100,000 TL

The obligation to inform

contradiction

15,000 - 1,000,000 TL

Violation of obligations regarding data security.

25,000 - 1,000,000 TL

Failure to comply with board decisions

20,000 - 1,000,000 TL

Non-compliance with the obligation to register and notify the registry

PRISON SENTENCE

1 - 3 YEARS

Recording of personal data contrary to the law.

1.5 - 4.5 YEARS

Recording of special personal data contrary to the law.

2 - 4 YEARS

Giving/disseminating or obtaining data illegally.

1 - 2 YEARS

Failure to delete/destroy data in accordance with the Law.

WHAT DO WE DO?

APPOINTMENT OF DATA CONTROLLER BY REGISTERING IN VERBIS SYSTEM

MAKING RECORDINGS IN THE DATA CONTROLLERS REGISTRY

PREPARATION OF PERSONAL DATA INVENTORY

PREPARATION OF EXPLICIT CONSENT

AND ORGANIZATION OF DATA

REALIZATION OF AWARENESS TRAININGS

CREATING AND DOCUMENTING SYSTEM AND PHYSICAL SECURITY MEASURES

PREPARATION OF INFORMATION TEXTS AND POLICIES

CONDUCTING AUDITS

SITUATION

ANALYSIS

Kişisel veri envanterinin incelenmesi.

Kişisel veri ile ilgili süreçlerin incelenmesi.

Organizasyon yapısının incelenmesi.

Sözleşme envanterinin incelenmesi.

OF PROCESSES

MAKING IT APPROPRIATE

Harmonization of data processing processes.

Harmonization of data transfer processes.

Alignment of data destruction processes.

Updating contracts.

Establishment/alignment of application, complaint and objection processes.

DATA

SECURITY

Mantıksal güvenlik.

Fiziksel güvenlik.

Risk yönetimi.

Değişiklik yönetimi.

ORGANIZATION

HARMONY

Election of the data controller and its representative.

Registration procedures in the data controllers registry.

Creation of data responsibility job descriptions.

Establishing a personal data management process.

Data controller training.

Harmonizing internal control and audit processes.

Ensuring corporate awareness.

As KALİTE TÜRK Consulting, our company provides all kinds of support required in the process of establishing the PERSONAL DATA PROTECTION LAW (KVKK) REQUIREMENTS in your business, successfully passing the audits and gaining the PERSONAL DATA PROTECTION LAW (KVKK) APPROVAL in your business with the knowledge, experience and know-how gained over the years .

bottom of page