2020 KVKK & GDPR December Newsletter Headings

Decision Summaries


Information Guide


Legislation Analysis


Have You Completed Your VERBIS Registration?

What is VERBIS?

For Further Information About Data Controllers' Registry Information System


2020 KVKK & GDPR November Newsletter Decision Summaries of The Month and News

You can read our KVKK & GDPR Newsletter to access the decisions and data breach notifications released by the Turkish Personal Data Protection Authority (KVKK) about natural and legal persons, as well as the decisions and announcements issued by the European Data Protection Board (EDPB) and other countries in the past month, and to learn more about personal data protection news from Turkey and the world.

  • Board Decision Regarding the Failure of a Bank to Fulfill an Instruction Given by a Board Decision
    (2020/765)
  • Board Decision Regarding the Failure of a Bank to Fulfill an Instruction Given by a Board Decision
    (2020/766)
  • Public Announcement on "Publicization"
  • Otokur Otomotiv İnşaat Turizm Sanayi ve Ticaret A.Ş. - Data Breach Notification
  • Ficosa Otomotiv San. ve Tic. A.Ş - Data Breach Notification
  • UiPath SRL - Data Breach Notification
  • Ficosa International Otomotiv San. ve Tic. A.Ş - Data Breach Notification
  • The Personal Data Protection Office in Poland (UODO) Imposed a Penalty of Reprimand for Revealing the List of Quarantined People
  • The Swedish Authority for Privacy Protection Issued a Penalty Fine Due to Illegal Video Surveillance
  • The Belgian Data Protection Authority Fines for Unlawful Processing of Video Images
  • The Swedish Authority for Privacy Protection Announced the Deficiencies in Healthcare Providers Accessing the Patient Data
  • Estonian Data Protection Inspectorate Decides to Immediately Terminate 3rd Party Access to Prescription Information in E-pharmacies
  • The Irish Data Protection Authority Announces Decision on Twitter Investigation
  • The Swedish Authority for Privacy Protection Imposed a Penalty Fine of SEK 300,000 on a Housing Company

2020 KVKK & GDPR November Newsletter Information Guide

You can read the Information Guide in our newsletter, which covers a different subject every month on the administrative and technical measures that can be taken to protect personal data. It is prepared in light of the latest developments in technology and law across the world and the opinions of data protection authorities.

How Should the Organizations Evaluate Mobile Devices within the Scope of Personal Data Protection?

Within the scope of personal data protection and information security, the data controller organization is obliged to protect the data on the organization's devices by taking the necessary administrative and technical measures. Although the Authority addresses this topic among the technical measures within the scope of KVKK, under the title "Ensuring the Security of Media Containing Personal Data", it should be examined from both a technical and an administrative perspective.

Breaches Arising from the Lack of Administrative Measures:

  • Employee's Use of Personal Mobile Device for Business Purposes
  • Employee's Use of Corporate Mobile Device for Personal Purposes

Ensuring Mobile Device Security

Managing the devices is as important as installing them. The organization needs to know and manage information such as which features are enabled on the devices in use and whether the devices are accessible from outside. The following technical points should be noted for secure mobile device management.

  • Asset management should be implemented, and the type and operating system version of each device should be tracked.
  • Up-to-date anti-virus applications should be used on mobile devices, and users should be prevented from disabling them.
  • Employees should be prevented from installing and using applications on mobile devices that are not approved by the organization, and remote version updates and security patching should be in place for applications.
  • Device backup policies should be defined, and backups should be secured, so that in case of any attack or data breach the data on the device can be identified and data loss can be prevented.
  • When mobile devices are handed over to unauthorized persons for maintenance, repair, and similar operations, the data should be made inaccessible, and it should be ensured that no malicious software is installed on the device during maintenance.