2020 KVKK & GDPR March Newsletter Headings
2020 KVKK & GDPR March Newsletter Decision Summaries of the Month
- Decision Regarding the Disclosure of Personal Data to Third Parties by a Lawyer as Data Controller
- Decision on Missing to Fulfil the Request of the Data Subject
- Decision Regarding the Processing of the Data Subject's Mobile Phone Number Without Any Data Processing Requirements and Sending an Ad/Informational Message to the Related Number by an Educational Institution
- Decision on the Delivery of a Credit Card to Third Parties by a Bank Without the Consent of the Data Subject
- Gratis – Data Breach Notification
- Türk Ekonomi Bankası A.Ş. – Data Breach Notification
- Doğa Sigorta A.Ş. – Data Breach Notification
- Dutch DPA (AP) Imposed 525.000 EUR Fine To Tennis Association KNLTB, Due To Selling Personal Data Of Its Members
- Polish DPA Fines 20,000 PLN to School Processing Biometric Data of Students
- Icelandic Supervisory Authority (SA) Fines 20,643 EUR to National Center of Addiction Medicine
- A School by Icelandic SA Has Been Fined of 8.945 EUR
- Suggestion of Penalty by the Danish DPA for Two Municipalities
- Administrative Fine to Google by Swedish DPA
- Croatian DPA (AZOP) Imposed a Fine of 20.000.000 EUR to a Bank
- Announcements by Data Protection Authorities Made Within the Scope of Covid19 Outbreak
2020 KVKK & GDPR March Newsletters Information Guide
Coronavirus (COVID-19) Pandemic and Its Relation with KVKK
Affecting the whole world, the Covid-19 pandemic led organizations to initiate certain precautions in line with the suggestions of the state authorities, to save and secure public health and prevent further spread of the virus. Due to the Covid-19 virus, within the scope of these precautions, the possibility of unauthorized access to personal data has emerged, including health data of employees or third parties. Organizations should be very careful to avoid possible violations which might directly impact the rights and freedoms of persons when taking relevant preventive measures. In this process, organizations can follow the methods in the precautions to be taken, which are elaborated as follows:
- Remote Working
- Collecting Information About Employees and Their Relatives
- Situation of Employees Who Have Positive Coronavirus Test Results or Showing Related Symptoms
- Employees Working in Public Places Who Are to Meet a Person Showing Symptoms
Technical Aspects to be Considered During Working Remotely
Due to the Covid-19 Corona virus epidemic, which is on the agenda of the whole world, many companies switched to remote working. However, some companies could not start working remotely, from homes due to lack of technical infrastructure, while some companies switched to working from home without being aware of the systems that they had to set up in their technical systems and without taking the necessary precautions.
What aspects should companies take into consideration when working remotely?
One of the biggest issues experienced during the pandemic was that companies did not have equipment appropriate for handling operations remotely from home. It has been much easier to switch work from home for companies whose computers are portable and communication devices can also be used remotely. In this context, there were those who tried to carry the monitors, and those who could not carry their computers and expected to use their personal computers at home for business purposes. The lesson learned by companies was that screened devices should be provided to people according to the nature of the job. Because the first rule of working remotely is that the quality of work shall be appropriate for working from home.
Details regarding the subject can be accessed from our article published in our website.
2020 KVKK & GDPR March Newsletters Legislation Analysis
Interpretation of Processing Personal Data in Order to Ensure Public Safety and Public Order According to the Article 28 of the Law
Several measures are taken to prevent the further spread of Covid-19 virus, which is described as a pandemic worldwide. These measures require the processing of health data and location information of individuals, in particular. Although the public interest is considered to be superior when the rights and freedoms conflict with the public interest, the practices carried out must be lawful and have a certain limit. In this context, data protection authorities make explanations regarding the data processing activities and the authorized institutions take the necessary steps to carry out a lawful activity. Data processing activities performed aiming to prevent the further spread of epidemic in Türkiye, are intended to ensure public safety and public order and will be exempted from the requirements of the Law, if they meet the requirements of Article 28 of the Law.