2020 KVKK & GDPR April Newsletter Headings

Decision
Summaries

For Information About the Important Decision Summaries of the Month

Click Here

News
of the Month

For Information About the News of the Month

Click Here

Information
Guide

For Information About the Information Guide of the Month

Click Here

Your Time is
Running Out

What is VERBIS?

For Further Information About Data Controllers' Registry Information System

Click Here

2020 KVKK & GDPR April Newsletter Decision Summaries of the Month

  • Board Decision About Obtaining Employee's WhatsApp Messages Unlawfully
  • Decision About Processing of Personal Data as a Service Requirement Failure to Fulfill Disclosure Obligation Duly
  • Board Decision Regarding the Access Request of Dead Person's Relatives to His Data
  • Decision About the Short Messages Sent by the Data Controller to the Data Subject for Advertising Purposes
  • Decision Regarding the Transmission of the Data of the Relevant Person to Another Person Due to Name-Surname Similarity
  • Board Decision on the Use of the Information Given to the Call Center for Magazine Subscription by a Food Company for Advertising Purposes
  • Failure of a Bank to Meet the Compensation of the Data Subject Due to the Unlawful Processing of Personal Data
  • Sharing the Data of the Relevant Person with the Third Parties Without His Consent by a Bank
  • Decision about an Insurance Agency Regarding Sharing the Data of the Relevant Person in Its Social Media Accounts for Advertising Purposes
  • Decision About the Personal Data Processed by the Transportation Service Company within the Scope of Mobile Application
  • Decision about a Real Estate Company Regarding Sending Advertising Message Without the Consent of the Data Subject
  • Decision About A Flight Ticket Sales Company Due to Incompliance of the Board Decisions
  • Decision about the Bank that Processes Personal Data Unlawfully in Order to Acquire Potential Customers

2020 KVKK & GDPR April Newsletter News

  • Polish Data Protection Authority (UODO) Fines the Company that Could Not Be Found at Its Address on the Date of Inspection
  • Public Announcement from Turkish Data Protection Authority About Remote Education Platforms
  • Public Announcement by the Turkish Personal Data Protection Authority on the Processing of Location Data in Fighting Against Covid-19 Pandemic and Monitoring the Mobility of Persons
  • Binding Corporate Rules
  • Considerations for the Protection of Children's Personal Data
  • Letter of the EDPB Chairwoman about her views on mobile applications planned to be used as part of the Covid-19 outbreak measures
  • Marriott – Data Breach Notification
  • Turkon Holding A.Ş. and Group Companies – Data Breach Notification

2020 KVKK & GDPR April Newsletters Information Guide

Administrative Measure: Comparison of Binding Corporate Rules and Undertaking Agreements envisaged in the Transfer of Personal Data to Inadequate Countries

As it is known, the principles of transfer of personal data abroad are regulated in the Article 9 of the Personal Data Protection Law No. 6698. According to this regulation, in transfers to countries that are not counted among adequate countries, data controller in the relevant foreign country must undertake adequate protection in writing and obtain permission from the Board.

There are two methods to be preferred under certain conditions in order for the data controller in the foreign country to undertake adequate protection. You can find a comparison of these two methods from the table in our article:

  • Binding Corporate Rules
  • Undertaking Agreement

Technical Measure: Intrusion Detection and Prevention Systems

Organizations need to ensure protection to avoid cyber-attacks which are becoming widespread today, in addition to ensuring physical security with factors such as entrance and exit controls, cameras, and security personnel. IDP and IPS systems are systems that are used to protect organizations against cyber-attacks from malicious activities and to prevent attackers from accessing networks. Besides, they can detect the network's information gathering activities and stop the attackers at this early stage.

  • Intrusion Detection Systems (IDS)
  • Intrusion Prevention Systems (IPS)
  • Comparison with Firewall