KVKK Consulting

KVKK Consulting

KVKK Consulting

KVKK Consulting

Personal Data Protection Law (KVKK)
This Law, which was drawn up by taking into account international documents, the Turkish constitution, Turkish Laws, comparative law practices and the current needs of our country, aims to protect the fundamental rights and freedoms of individuals, and especially the privacy of private life, by processing personal data. by contemporary standards. In this context, the Law regulates the conditions for processing personal data, the basic principles to be adopted regarding the protection of personal data, the obligations of real and legal persons processing personal data and the procedures and principles they will comply with.

Although the concepts of fundamental rights and freedoms, personal data, privacy and security have been in our lives since the emergence of the understanding of human rights, recent developments in technology and the implementation of fundamental rights and freedoms have occurred. The Personal Data Protection Law (KVKK), which is the equivalent of GDPR in Turkey, informs and guides us on how to protect our personal data as well as our fundamental rights and freedoms.

In the first stage, an internal organization chart should be prepared and it should be stated on a category basis (identity, communication, location, health, etc.) which personal data are processed in the departments/units within the institution. A data inventory should then be prepared and the following information should be included in the inventory.

  • Which personal data are processed in the specified categories (IDENTITY: Name, Surname, TR ID Number, etc.)
  • Natural person whose data is processed (customer, employee, supplier, stakeholder, third parties)
  • Purpose and legal reason for data processing
  • What types of personal data are processed; sensitive personal data (health, race, religion, gender) or personal data (name, contact details).
  • How long the processed data will be stored/Storage periods.
  • Administrative and technical measures taken regarding the processing of personal data.
  • Whether the data is transferred abroad.