HAVE YOU DONE YOUR KVKK (Personal Data Protection Law) RISK ANALYSIS ?
With the Personal Data Protection Law No.6698 (KVKK), it is aimed to protect the fundamental rights and freedoms of individuals, especially the privacy of private life, and to regulate the obligations of the persons who process these data in the processing of personal data. As of 07.10.2016, which is the effective date, this law brings along many responsibilities for all organizations that process personal data
KVKK RISK ANALYSIS
You can determine how you are in the face of your Obligations regarding the KVKK Law that you are obliged to apply in your institution with the test below. Answer each question in the test correctly for your company. At the end of the test, your ‘risk rate’ will be determined.
HOW YOU CAN KEEP YOUR DATA SAFE FOR KVKK COMPATIBILITY ?
You have to know how all the data your company has is used. You need to view where sensitive data has been moved, who is using it and for what purpose
DATA USAGE RULES
You should establish precise rules about who can work with personal data and in what way. These rules should not be kept in words, they should be implemented effectively
TRAINING OF EMPLOYEES
Every employee should know what data should be used and in what way. You can set data usage limits by informing employees about your security policy
All data containing personal information must be encrypted. You must spread the use of encryption throughout your company, including endpoints.
DATA LEAK PREVENTION (DLP)
Data leakage prevention must be implemented effectively and cover all communication channels. Removable devices such as e-mail, printers, USB, DVD and other communication channels should be checked to ensure that only certain data can go outside the company.
WHAT WILL CHANGE WITH KVKK ?
Many heavy sanctions; Administrative fines and prison sentences ranging from 5,000 to 1,000,000 TL.
All organizations that process personal data are affected by this regulation, without any discrimination.
The necessity to take necessary technical and administrative measures to ensure data security.
The data cannot be processed without the express consent of the persons in line with their intended use
Obligation to determine a “Data Supervisor” for organizations that process data systematically.
Businesses have to inform the KVK Authority within 15 days at the latest in case of requesting information about data usage.