2019 KVKK & GDPR December Newsletters Headings

Decision Summaries of the Month

For Information About the Important Decision Summaries of the Month

Click Here

Information Guide

For Information About the Information Guide of the Month

Click Here

Legislation Analysis

For Information About the Legislation Analysis of the Month

Click Here

Your Time is Running Out

What is VERBIS?

For Further Information About Data Controllers' Registry Information System

Click Here

2019 KVKK & GDPR December Newsletter Decision Summaries of the Month

  • Deadlines for Registration with VERBIS Have Been Re-extended
  • Decision dated 07.11.2019 and numbered 2019/331 on the Use of Data for Purposes Other Than Making Available to the Public Which Was Made Available to the Public by the Data Subject Himself/Herself
  • Decision dated 07.11.2019 and numbered 2019/332 on Sending Advertising / Informational Message to the Relevant Person by a Doctor
  • Decision dated 26.11.2019 and numbered 2019/353 on the Exemption of VERBIS Registration for Associations, Foundations and Unions
  • BfDI Imposed Fines for Telecommunications Service Providers in Germany
  • A Fine of 105.000 Euro to A Hospital by German Data Protection Authority
  • T. Garanti Bankası A.Ş. - Data Breach Notification
  • Küçükçekmece Municipality - Data Breach Notification
  • Doğuş Planet Elektronik Ticaret ve Bilişim Hizmetleri A.Ş. (n11.com) – Data Breach Notification
  • KVKK Administrative Fines Calculated According to Revaluation Rate

2019 KVKK & GDPR December Newsletters Information Guide

Administrative Measure: Awareness Activities Under KVKK

It is stated in the Law ("KVKK") that there are some administrative and technical measures to be taken for natural and legal persons and some of these measures are listed by the Authority. These measures listed by the Authority includes awareness trainings which are to be provided by the organization to its employees and organizing awareness activities for employees, as well.

Technical Measure: Control of Authority

According to the Article 12 and Paragraph 1 of KVKK, data controllers must take all necessary technical and administrative measures in order to prevent unlawful processing of personal data, prevent unlawful access to personal data and to protect personal data in accordance with law. These measures are detailed in the Personal Data Security Guideline published by the Authority and specified in the notification phase to VERBIS.

2019 KVKK & GDPR December Newsletters Legislation Analysis

Legislation Analysis


  • Providing compliance with KVKK
  • Prepation of Personal Data Processing Inventory and Retention and Destruction Policy

Preliminary Application

  • Creating an application form by registering to VERBIS
  • Sending the application form to the Authority via Registered E-Mail Services (“KEP”) or post

Approval of Application

  • Evaluation of your application and having user name and password sent by the Authority


  • Appointing contact person in the system
  • Performing data entries to VERBIS
  • Notification to Registry