Do You Have Applicable Security Measures to Meet GDPR Requirements?
EUROPEAN UNION GENERAL DATA PROTECTION REGULATION (GDPR) COMPLIANCE CONSULTANCY
VeriSistem® provides European Union General Data Protection Regulation (GDPR) compliance services with a holistic approach, helping you put in place the processes your organization needs to comply with the GDPR.
The EU General Data Protection Regulation (GDPR) is the most significant change in data protection law in the last 20 years. The regulation (Regulation (EU) 2016/679) was adopted by the European Parliament on 14 April 2016, has applied since 25 May 2018, and imposes severe penalties on organizations that fail to comply with it.
GDPR replaced Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Its main purpose is to give individuals in the European Union effective privacy and security protections by reshaping how organizations approach compliance and data security.
Are you sure that you are not subject to GDPR?
Article 3 of the GDPR defines its territorial scope. Paragraph 2 of that article states that:
If a controller or processor established outside the EU offers goods or services to data subjects in the EU (irrespective of whether a payment is required) or monitors the behaviour of data subjects insofar as that behaviour takes place within the EU, it is subject to the GDPR.
Interpreting this provision in practice: if your organization's website offers goods or services in a language or currency used in an EU member state, or otherwise makes it apparent that it envisages customers in the EU (for example, collecting personal data through a contact page while presenting European currencies and price lists), it falls within this extended territorial scope. Language alone is not decisive, but together with such indicators it is. Likewise, profiling individuals through a website or other channels, analysing their habits, tracking them with cookies or recording their IP addresses to monitor their behaviour in the EU all fall within scope. Finally, if you conduct import, export or other commercial activities with EU member states and process the personal data of individuals in the EU in doing so, you must meet the GDPR compliance requirements.
What is it?
Personal data protection rules for the EU
General Data Protection Regulation
In force as of:
May 25, 2018
Does your effort for KVKK (Türkiye's Personal Data Protection Law No. 6698) meet the necessary GDPR compliance requirements?
Because GDPR is often described as protecting "EU citizens", organizations resident in Türkiye are frequently misled about whether it applies to them. In fact, GDPR applies to the personal data of any individual located in the EU, regardless of nationality, and also binds non-EU organizations that offer goods or services to, or monitor, such individuals. Many organizations outside the EU share the same misperception: according to various studies from 2018, about 50% of American companies believed they would not be affected by GDPR, and only 12% of Asia-Pacific companies had prepared for it.
Some misleading publications report that GDPR applies only to organizations established in the EU. This is wrong. Many organizations in Türkiye fall within the scope of GDPR as well as KVKK, for the reasons above. The two laws differ in retention periods, responsibilities and penalties, so the administrative and technical measures each requires must be identified during the compliance process and carried into policies, procedures and all other documentation with a combined approach.
Sanctions in case of GDPR Violation & Data Breach
In case of a violation of the GDPR, including a data breach
Administrative fines of up to 20 million euro or up to 4% of total worldwide annual turnover of the preceding financial year, whichever is higher, may be imposed for the most serious infringements (Article 83(5)); a lower tier of up to 10 million euro or 2% of worldwide turnover, whichever is higher, applies to other infringements (Article 83(4)).
What are the fundamental needs for GDPR compliance?
Establishing risk assessment (including Data Protection Impact Assessments where required) and organizational controls
Mapping data flows and preparing a data inventory (record of processing activities)
Defining legal responsibilities, including the roles of controller and processor
Taking all necessary precautions in data protection processes and establishing end-to-end data security measures appropriate to the risk (Article 32)
Appointing a Data Protection Officer (DPO) where required by Article 37
Updating existing policies and procedures, and preparing and reviewing Binding Corporate Rules (BCR) where intra-group international transfers take place
Reviewing communication processes in marketing and social media channels, including consent management