2020 KVKK & GDPR December Newsletter Headings

2020 KVKK & GDPR December Newsletter Decision Summaries of The Month and News

• Board Decision Regarding the Failure of a Bank to Fulfill an Instruction Given by a Board Decision
  (2020/765)
• Board Decision Regarding the Failure of a Bank to Fulfill an Instruction Given by a Board Decision
  (2020/766)
• Public Announcement on "Publicization"
• Otokur Otomotiv İnşaat Turizm Sanayi ve Ticaret A.Ş. - Data Breach Notification
• Ficosa Otomotiv San. ve Tic. A.Ş - Data Breach Notification
• UiPath SRL - Data Breach Notification
• Ficosa International Otomotiv San. ve Tic. A.Ş - Data Breach Notification
• The Personal Data Protection Office in Poland (UODO) Imposed a Penalty of Reprimand for Revealing the List of Quarantined People
• The Swedish Authority for Privacy Protection Issued a Penalty Fine Due to Illegal Video Surveillance
• The Belgian Data Protection Authority Fines for Unlawful Processing of Video Images
• The Swedish Authority for Privacy Protection Announced the Deficiencies in Healthcare Providers Accessing the Patient Data
• Estonian Data Protection Inspectorate Decides to Immediately Terminate 3rd Party Access to Prescription Information in E-pharmacies
• The Irish Data Protection Authority Announces Decision on Twitter Investigation
• The Swedish Authority for Privacy Protection Imposed a Penalty Fine of SEK 300,000 on a Housing Company

2020 KVKK & GDPR November Newsletter Information Guide

How Should the Organizations Evaluate Mobile Devices within the Scope of Personal Data Protection?

As it is known, it is among the obligations of the data controller organization to ensure the protection of the data on the organization's devices by taking the necessary administrative and technical measures within the scope of the protection of personal data and information security. Even though this topic is elaborated by the Authority under the title of "Ensuring the Security of Media Containing Personal Data" by including among the technical measures within the scope of KVKK, it should be examined from a technical aspect as well as from an administrative perspective.

Breaches Arising from the Lack of Administrative Measures:

• Employee's Use of Personal Mobile Device for Business Purposes
• Employee's Use of Corporate Mobile Device for Personal Purposes

Ensuring Mobile Device Security

The management of the devices is as important as their installation. It is necessary to know and manage the information such as which features are open in the devices used or whether the devices are open to access from outside. The following technical issues should be noted for Secure Mobile Device Management.

• Asset management should be implemented, the type and operating system version information of the devices should be followed.
• Up-to-date anti-virus applications should be used on mobile devices and disabling this application should be prevented.
• Employees should be prevented from installing and using applications that are not approved by the organization on mobile devices, and remote version update and patch security measures should be taken for applications.
• In case of any attack or data breach, device backup policies should be determined, and backups should be secured to detect the data in the device and to prevent data loss.
• In case mobile devices are delivered to unauthorized persons for maintenance, repair, and similar operations, the data should be inaccessible, and it should be ensured that no malicious software is installed on the device during maintenance.