Do You Have Applicable Security Measures to Meet GDPR Requirements?

EUROPEAN UNION GENERAL DATA PROTECTION REGULATION (GDPR) COMPLIANCE CONSULTANCY

VeriSistem® provides European Union General Data Protection Regulation (GDPR) compliance services with a holistic approach, helping your organization put in place the processes it needs to comply with the GDPR.

The EU General Data Protection Regulation (GDPR) is the most significant change to data protection law in the last 20 years. Adopted by the European Parliament on 14 April 2016 and applicable since 25 May 2018, it imposes severe penalties on organizations that fail to comply.

The GDPR replaced Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Its main purpose is to give individuals in the European Union effective privacy and data protection, and to do so by reshaping how organizations approach compliance and data security.


Are you sure that you are not subject to GDPR?

Article 3 of the GDPR defines its territorial scope. Paragraph 2 of that article provides that:

An organization not established in the EU is nevertheless subject to the GDPR when it processes personal data of data subjects who are in the EU and the processing relates to offering goods or services to those data subjects, irrespective of whether a payment is required, or to monitoring their behaviour as far as that behaviour takes place within the EU.

In practice this is read as follows. If your organization's website offers goods or services in a language spoken in an EU member state, quotes prices in a European currency, or collects the personal data of EU residents through a contact form, you are within this extended territorial scope. Profiling individuals through a website or other means, analysing their habits, or tracking them through cookies and IP addresses is likewise treated as monitoring behaviour within the EU. Note that a website merely being reachable from the EU is not enough on its own; the relevant test is whether you intend to offer goods or services to, or monitor, people in the EU. Similarly, if you import from, export to, or otherwise do business with counterparties in EU member states, you will typically process personal data of individuals in the EU (customer and supplier contacts, order and shipping details) and should assess your GDPR obligations on that basis.

What is it?
Personal data protection rules defined for the EU.

When?
Applies as of: 25 May 2018

Does your KVKK compliance effort also meet GDPR requirements?

The GDPR protects the personal data of data subjects who are in the EU, regardless of their citizenship and regardless of where the organization processing the data is established. Because it is widely assumed to concern only EU-based organizations, many organizations established in Türkiye are misled about whether it applies to them, and many organizations elsewhere outside the EU share the same misperception. For example, as of 2018, according to various studies, 50% of American companies believed they would not be affected by the GDPR, and only 12% of Asia-Pacific companies had prepared for it.

Some misleading publications report that the GDPR applies only within the EU. This is wrong. Many organizations in Türkiye fall within the scope of the GDPR in addition to the Turkish Personal Data Protection Law (KVKK, Law No. 6698), for the reasons given above. The two laws differ in areas such as retention periods, responsibilities, and penalties, so the administrative and technical measures each requires should be identified during the compliance process and carried into policies, procedures, and all other documentation with a single combined approach rather than as two parallel efforts.

Sanctions for GDPR Violations and Data Breaches

Administrative fines under the GDPR (Article 83)

For the most serious infringements, such as breaches of the basic processing principles, of data subjects' rights, or of the rules on international transfers, a fine of up to EUR 20 million or up to 4% of total worldwide annual turnover of the preceding financial year, whichever is higher, applies. A lower tier of up to EUR 10 million or 2% of turnover, whichever is higher, applies to infringements of obligations such as security of processing (Article 32) and personal data breach notification (Articles 33 and 34). Supervisory authorities may also impose corrective measures, including orders to suspend processing, and data subjects may claim compensation for damage suffered (Article 82).

What are the fundamental needs for GDPR compliance?

Performing a risk assessment and establishing organizational controls

Mapping data flows and preparing a record of processing activities (data inventory, Article 30)

Defining legal roles and responsibilities (controller, processor, and a representative in the EU under Article 27 where required)

Implementing appropriate technical and organizational measures for the security of processing (Article 32) and establishing an end-to-end data security infrastructure, including breach detection and notification procedures

Appointing a Data Protection Officer (DPO) where Article 37 requires one (public authorities, large-scale regular and systematic monitoring, or large-scale processing of special categories of data)

Updating existing policies and procedures, and preparing and reviewing Binding Corporate Rules (BCR) where they are used as the mechanism for intra-group international transfers

Reviewing consent and communication processes in marketing and social media channels

Notice

The content in this article is for general information purposes only and belongs to CottGroup® member companies. This content does not constitute legal, financial, or technical advice and may not be quoted without proper attribution.

CottGroup® member companies do not guarantee that the information in the article is accurate, up-to-date, or complete and are not liable for any damages that may arise from errors, omissions, or misunderstandings that the information may contain.

The information presented here is intended to provide a general overview. Each specific case may require different assessments, and this information may not be applicable to every situation. Therefore, before taking any action based on the information provided in the article, it is strongly recommended that you consult a competent professional in the relevant fields such as legal, financial, technical, and other areas of expertise. If you are a CottGroup® client, do not forget to contact your client representative regarding your specific situation. If you are not our client, please seek advice from an appropriate expert.
