Do You Have Applicable Security Measuresto Meet GDPR Requirements?


Verisistem® provides the most appropriate solutions and services with a holistic approach to ensure compliance with the European Union General Data Protection Regulation (GDPR) processes you need for your business.

The EU General Data Protection Regulation (GDPR) is the most important change in data security in the last 20 years. This law, adopted by the European Parliament on 14 June 2016, has an effective date of 25 May 2018 and imposes severe penalties on organizations that do not comply with laws on compliance.

GDPR replaced the Directive 95/46 / EC on the Processing and Free Movement of Personal Data of the European Parliament and the Council of Europe. Its main purpose is to ensure that citizens of the European Union have an effective confidentiality / security approach with the reshaping of compliance in order to ensure data security.


Are you sure you are not subject to GDPR?

Article 3 of the GDPR relates to the Regional Scope. In the 2nd chapter of the article;

Even if a company established outside the EU is not based on any payment, offering products and services to the data subject living in the EU or monitoring the behavior of a real person within the EU are sufficient indicators that the company is subject to GDPR.

If it is necessary to interpret the relevant article of the law; For example, if you offer services and products in one of the languages spoken in the EU on your company's website, you are in the Increased Territorial Scope. If you collect people's information from a contact page and offer them a list of currencies and prices used in Europe, you are covered by GDPR. In addition, through a web site or different methods, for example, to identify people's information, profiling, finding their habits, obtaining their IP addresses by using cookies are also evaluated within this scope. On the other hand, if you are engaged in import, export and any commercial activity with EU member states, you must be in compliance with GDPR.

What is it?

Personal data rules defined for EU



European Union
General Data Protection Regulation



In force as of:
May 25, 2018

KVKK Başlangıç Tarihi

Does your effort for KVKK meet the necessary compliance requirements for GDPR?

As GDPR is related to the personal data of EU citizens living within or outside Europe, companies resident in Turkey are significantly mislead. Likewise, many companies outside the EU region have a similar perception. For example, as in 2018, according to various studies, 50% of American companies think that they will not be affected by GDPR. Only 12% of Asia-Pacific companies made preparations for GDPR.

Some misleading publications report that GDPR is a regulation that applies only to the EU. This is completely untrue. Many companies in Turkey, fall within the scope of GDPR, along with KVKK for various reasons. It is the transfer of administrative and technical measures into policy, procedures and all other documents required by the two laws differentiating in terms of retention periods, responsible persons, penalties with a unified approach during compliance process.

Sanctions in case of GDPR Violation & Data Breach

In case of data breach under GDPR

A fine up to 20 Million Euro or up to 4% of global turnover of the previous fiscal year shall be applicable.

What to do for GDPR basically?

Establishing risk assessment and organizational controls

Determination of data flows and preparation of data inventory

Defining the legal responsibilities

Taking all necessary precautions regarding data protection processes and establishing an end-to-end data security infrastructure

Appointment of DPO (Data Protection Officer)

Updating existing policies and procedures. Preparing and reviewing the Binding Corporate Rules (BCR)

Review of communication processes in marketing and social media