Protection of Personal Data
PERSONAL DATA PROTECTION LAW NO. 6698 was enacted by the queen in 2016.
The procedure and principles for processing personal data are determined by law and have a legal basis.
The regulation regarding how the personal data of the relevant person will be processed has given many rights to the relevant persons, and accordingly, responsibilities have been imposed on the data controllers who record the personal data.
Data controller can simply be any natural or legal person that processes personal data.
Who is the Data Controller? The data controller is the pharmacy of the drug prices, the dates, the neighborhood market, your school, that is, people or institutions that are touched in every aspect of life.
Data controllers must take the necessary administrative and technical procedures to protect personal data and ensure that data distribution is divided.
However, those who meet certain conditions must register with the DATA CONTROLLERS REGISTRY INFORMATION SYSTEM (VERBIS). The deadline for the VERBIS registration system has been extended by the PERSONAL DATA PROTECTION AUTHORITY due to the pandemic process and 31.12.2021 has been determined as the deadline for now.
WHAT NEEDS TO BE DONE WITHIN THE SCOPE OF THE PERSONAL DATA PROTECTION LAW SHOULD BE CONSIDERED IN TWO STAGES.
1 STAGE:
COMPATIBILITY STUDIES:
The data controller of this process must determine the work that needs to be done within the scope of KVKK and take the necessary precautions.
Getting professional support on this issue, as the process is a bit complicated and there is a lot of work to be done.
In order to continue the compliance process, it is necessary to work with people or institutions who are familiar with the legislation and who are well versed in both technical and administrative activities. Each of the administrative and technical procedures that need to be taken must be reviewed one by one and all procedures must be carried out.
Any mistakes made at the end of the process will result in huge financial and criminal liability.
The data controller, so to speak, must take the necessary actions and carry out the necessary actions according to the participation and arrival of the x-ray.
At this stage, which we define as the 1st stage, the necessary administrative and technical screening must be carried out and the data controller must be made compliant with the KVKK.
From this moment on, the 2nd stage begins.
STAGE 2:
CONTINUING THE KVKK COMPLIANCE PROCESS AND ENSURING CONTINUITY:
It is very important to maintain the continuity of this application after regulating KVKK compliance and completing the necessary technical and administrative procedures. Because the KVKK process is a living process.
The technical and administrative procedures carried out by data controllers must be filed and previously distributed documents and processes must be updated.
For example, although the employment contract is made compatible with the KVKK, the business world will be updated if there are changes in the legislation later.
In the data retention and destruction policy, a processing data committee has been established, but what is expected to be kept by the committee that is later separated from the people involved?
Again, how will the necessary applications be made in case of data loss in the business?
How will personal data stored for the required legal periods be destroyed at the end of the period and who will decide?
What will be paid to the person concerned?
This second phase, in which data controllers are overlooked and not explained to them, will have detrimental consequences for data controllers.
Because data controllers, who entrust the first stage of the work we explained above to those who do not have daily concerns and do it very cheaply, will be left alone and without support in the second stage.
It will become possible to be exposed to financial and criminal sanctions.
It does not matter whether it is small or large, all transactions are avoided by seeing these transactions as an additional burden and costs. Since there are no personnel trained in this field, the issue is transferred to HR staff or a member of accounting. However, the HR or accounting staff will keep this job as a chore in addition to the main job and will not be able to do it in accordance with the KVKK process standard.
In order to avoid this troublesome process, data controllers need to work with serious solution partners who will be with them in this process and stand behind their work.
Just as external support is received for accounting transactions, occupational safety and health procedures, external professional support is received for legally separating, changing, changing and continuing the process within the scope of the personal data protection law.
Thus, it will be possible to bypass KVKK compliance without any problems and maintain compliance.