Do You Have Applicable Security Measuresto Meet GDPR Requirements?


VeriSistem® provides the most appropriate solutions and European Union General Data Protection Regulation (GDPR) compliance services with a holistic approach to ensure you are compliant with the GDPR processes you need for your organization.

The EU General Data Protection Regulation (GDPR) is the most important change in data security over the last 20 years. This law, adopted by the European Parliament on 14 June 2016, has been effective as of 25 May 2018 and imposes severe penalties on organizations that do not comply with laws on GDPR compliance.

GDPR replaced the Directive 95/46/EC on the Processing and Free Movement of Personal Data of the European Parliament and the Council of Europe. Its main purpose is to ensure that citizens of the European Union have an effective privacy and security approach with the reshaping of compliance in organizations in order to ensure data security.


Are you sure that you are not subject to GDPR?

Article 3 of the GDPR relates to the Regional Scope. In the 2nd chapter of the article;

If an organization established outside the EU is offering products and services to the data subjects living in the EU or monitoring the behavior of a natural person within the EU even if this is not based on any payment, these are sufficient indicators showing that the organization is subject to GDPR.

To interpret the relevant article of the law; for example, if you offer services and products in one of the languages spoken in the EU on your organization's website, you are in the Increased Territorial Scope. If you collect the data of persons from a contact page and offer them a list of currencies and prices used in Europe, you are in the scope of GDPR. In addition, for example, identifying the data of persons through a website or different methods by profiling, finding their habits, and obtaining their IP addresses by using cookies are also evaluated within this scope. On the other hand, if you are engaged in import, export and any commercial activities with EU member states, you must meet the GDPR compliance requirements.

What is it?

Personal data rules defined for EU



European Union
General Data Protection Regulation



In force as of:
May 25, 2018

KVKK Başlangıç Tarihi

Does your effort for KVKK meet the necessary GDPR compliance requirements?

As GDPR is related to the personal data of EU citizens living within or outside Europe, organizations resident in Türkiye are significantly mislead. Likewise, many organizations outside the EU region have similar perception. For example, as in 2018, according to various studies, 50% of American companies think that they will not be affected by GDPR. Only 12% of Asia-Pacific companies prepared for GDPR.

Some misleading publications report that GDPR is a regulation that applies only in the EU. This is completely wrong. Many organizations in Türkiye fall within the scope of GDPR, along with KVKK for various reasons. It is important that the administrative and technical measures required by the two laws differing in terms of retention periods, responsibilities, and penalties that need to be determined during the compliance process, are transferred to policies, procedures, and all other documents with a combined approach.

Sanctions in case of GDPR Violation & Data Breach

In case of data breach under GDPR

A fine up to 20 Million Euro or up to 4% of global turnover of the previous fiscal year shall be applicable.

What are the fundamental needs for GDPR compliance?

Establishing risk assessment and organizational controls

Determination of data flows and preparation of data inventory

Defining legal responsibilities

Taking all necessary precautions regarding data protection processes and establishing an end-to-end data security infrastructure

Appointment of DPO (Data Protection Officer)

Updating existing policies and procedures, preparing and reviewing the Binding Corporate Rules (BCR)

Reviewing communication processes in marketing and social media channels


Contents provided in this article serve to informative purpose only. The article is confidential and property of CottGroup® and all of its affiliated legal entities. Quoting any of the contents without credit being given to the source is strictly prohibited. Regardless of having all the precautions and importance put in the preparation of this article, CottGroup® and its member companies cannot be held liable of the application or interpretation of the information provided. It is strictly advised to consult a professional for the application of the above-mentioned subject.

Please consult your client representative if you are a customer of CottGroup® or consult a relevant party or an expert prior to taking any action in regards to the above content.

Let's start
Get a quote for your service requirements.

Would you like to know more
about our services?