Do Your Safety Measures Meet KVKK Requirements?

PERSONAL DATA PROTECTION COMPLIANCE CONSULTANCY

Thanks to end-to-end compliance and data protection solutions offered by VeriSistem®, you can step into a more successful digital future by securing your processes regarding personal data.

New technologies have led to significant changes in our daily lives. These changes are reflected in new rules and laws on privacy and security. Today, both public institutions and the private sector have access to various information belonging to thousands of people within the scope of the business they perform. This information can be processed and transmitted easily as a result of the rapid developments in information technologies.

By increasing the requirements of companies in terms of privacy and security, this transformation has made digitalization inevitable. Various organizations can also see this necessity as a "technological restructuring" opportunity. Due to the Turkish Personal Data Protection Law (KVKK), which was introduced in 2016, organizations that do not have enough infrastructure and knowledge in the area of privacy and security have started to focus on this area.

Personal data protection is directly related to the right to privacy, which is one of the fundamental human rights. Before KVKK, the rules on personal data protection were specified by the Turkish Criminal Code, the Constitution and other relevant legislation. Personal Data Protection Law No. 6698 is the most important legal regulation with the most severe sanctions.

What is KVKK?

Personal data rules and regulations defined for Turkey

KVKK

Turkish Personal Data Protection Law

Effective Date

April 07, 2016

Our consultancy services on the Turkish Personal Data Protection Law identify risks that may arise from legal non-compliance and help you take the necessary technical and administrative measures for the processing and protection of all kinds of personal data in accordance with the law.

Legal responsibility and basic principles

Negligence and breaches in the protection of personal data impose heavy legal and criminal liabilities on business organizations. For example, as of 2019, sanctions of up to 100.000 TL are applied in case of breach of the disclosure obligation, and sanctions of up to 1.000.000 TL are applied in case of breach of the VERBIS registration and notification obligation. If personal data are not destroyed within the specified period, imprisonment of up to 2 years is imposed, and in case of unlawful action, imprisonment of up to 4 years. Similarly, in the case of compliance issues with GDPR, high penalty fines are imposed, up to 4% of the company's global turnover for the previous year or up to 20,000,000 EUR.

The basic principles for the processing of personal data should be included in all kinds of data processing activities and such activities should be carried out in accordance with these principles:

Legal compliance with good faith and honesty

Being accurate and up to date

Processing for specific, clear and legitimate purposes

Being relevant, limited and proportionate to the purposes for which they are processed

Data minimization & storing minimum data

Legal retention periods & purpose for processing data

In the process of compliance with the Personal Data Protection Law, first of all, awareness should be created about privacy and security and data security should be made a part of corporate culture. Organizations exchange information on personal data in many areas from production to sales of products and services, from purchasing to financial processes. For example, the population of Istanbul was over 15 million in 2018. Personal data and sensitive personal data of all people living in Istanbul are processed for various purposes. This indicates the intensity of personal data and sensitive personal data.

Have you fulfilled your obligation to register with VERBIS?

Don't be late! Don't regret!

Do you check your business e-mails regularly?

The Turkish Personal Data Protection Authority sent an e-mail to organizations that have not yet fulfilled their VERBIS registration obligation. The Authority has given those organizations a period of 30 days from receipt of the e-mail to complete their registration.

Contact us for your VERBIS registration. We will offer tailor-made solutions with the ideal service packages to meet your needs.

What can you achieve with digital transformation and compliance process?

Heavy penal sanctions, cyber threats, and the unlimited and fast information needs of the information society necessitate digital transformation. Organizations that complete their technical and administrative processes within the compliance period will have the following commercial advantages.

Business organizations that complete the necessary compliance processes and protect their data by establishing the policies, procedures and infrastructure of privacy and security processes will significantly reduce risks.

Today, the most important part of customer satisfaction is digitalization. Fast and secure digital interaction of the clients with the organization enhances loyalty and trust to a great extent.

Fast and secure sharing of accurate information enhances agility within the organization and strengthens employee commitment, faith and trust.

Your data, which must be kept confidential, are generated through the exchange of information between you and your employees, their families, clients, suppliers and any other third-party organizations. Digital transformation requires fundamental changes in the services you provide in all areas of your business and in operations of any kind. This new cultural formation will only be possible by radically changing the status quo that provides administrative and operational comfort in your organization.

Penalty fines imposed in case of KVKK breach

In case of breach of the disclosure obligation:

2016 (amount stipulated in the law): 5.000 ₺ - 100.000 ₺
2021 (current amount): 9.834 ₺ - 196.686 ₺

In case of breach of data security obligations:

2016 (amount stipulated in the law): 15.000 ₺ - 1.000.000 ₺
2021 (current amount): 29.503 ₺ - 1.966.862 ₺

In case of failure to comply with the decisions of the Board:

2016 (amount stipulated in the law): 25.000 ₺ - 1.000.000 ₺
2021 (current amount): 49.172 ₺ - 1.966.862 ₺

In case of breach of the VERBIS registration and notification obligation:

2016 (amount stipulated in the law): 20.000 ₺ - 1.000.000 ₺
2021 (current amount): 39.337 ₺ - 1.966.862 ₺

Sanctions arising from the Turkish Criminal Code

In case of illegal processing of personal data

Imprisonment of 1 to 3 years; the penalty is increased by half for sensitive personal data

In case of providing or obtaining data illegally

Imprisonment of 2 to 4 years

In case of failure to destroy personal data within the period specified by law

Imprisonment of 1 to 2 years

At the center of the Turkish Personal Data Protection Law, there is an organizational discipline that consists of administrative and technical measures related to data protection in general. In order to place this discipline in every stage of the organization, the road map in the process of digitalization must be specified in detail.

How does the compliance process progress?

1. Strategic planning, gap analysis, questionnaires

2. Awareness trainings

3. Preparation of data inventory and determination of responsibilities

4. Review and development of policies and procedures

5. Submission of compliance report

6. Governance, monitoring, auditing and updates

Preparation Assessment - GAP Analysis

In order to complete a successful compliance process, we analyze the current situation of the organization in detail and prepare a roadmap covering all stages.

Scored assessment and graphical analysis for the assessment of the current situation

Audit checklist prepared as a result of assessment

Process checklist (which data are used; where and for what purpose they are used)

Examining your Binding Corporate Rules (BCR) that ensure the transfer and protection of the data you transfer abroad and improving necessary areas

KVKK & GDPR Consultancy

Contact us for information about the KVKK & GDPR

ISO9001 ISO27001 ISO22301 ISO10002
