THE PROTECTION OF PERSONAL DATA AND CYBER CRIMES
WHAT IS PERSONAL DATA?
Personal data refers to any information relating to an identified or identifiable natural person. Accordingly, in order for an information to be considered personal information, the data must relate to a real person and make the person specific. It is important to define whether an information is in the nature of personal data by evaluating it for each event.
WHAT IS THE LAW ON THE PROTECTION OF PERSONAL DATA (“KVKK”)?
The Law on the Protection of Personal Data No. 6698 (“KVKK”) is the law that regulates the obligations of natural and legal persons who process personal data and the rules to comply with regarding the discipline of processing personal data based on the privacy of private life.
WHEN DID THE LAW ON THE PROTECTION OF PERSONAL DATA (“KVKK”) COME INTO EFFECT?
The Law Draft on the Protection of Personal Data, which was prepared in the European Union harmonization process, was accepted by the General Assembly of the Grand National Assembly of Turkey on March 24, 2016, and the Law on the Protection of Personal Data No. 6698 was published in the Official Gazette dated April 7, 2016 and numbered 29677 and entered into force.
WHAT IS THE PURPOSE OF THE LAW ON THE PROTECTION OF PERSONAL DATA (“KVKK”)?
Because of the sensitive data becomes easily accessible and vulnerable to malicious use in consequence of the developments on communication and technology and rapid digitalization today, with The Law On The Protectıon Of Personal Data (“KVKK”), it is aimed to process and protect personal data within the framework of certain standards, and to prevent unauthorized use by unauthorized persons in an unregulated and unlimited manner.
WHAT DOES THE LAW ON THE PROTECTION OF PERSONAL DATA (“KVKK”) COVER?
The Protectıon Of Personal Data (“KVKK”) applies to natural persons whose personal data are processed, and to natural and legal persons who process this data fully or partially automatically or non-automatically, provided that they are part of any data recording system (registration system in which personal data is processed by structuring according to certain criteria). In this respect, no distinction has been made in terms of real persons, organizations operating in the private sector, and public institutions and organizations, and it has been adopted that the prescribed procedures and principles are applied for all institutions and organizations.
WHAT IS EXPLICIT CONSENT?
Explicit consent, as a result of informing on a particular subject; It is the person's free will, having sufficient information, and making a declaration of approval, limited only to the transaction in question.
WHAT IS EXPRESS CONSENT TEXT?
Explicit consent text within the scope of The Protectıon Of Personal Data (“KVKK”); It is a written text in which the person specifies the scope, transfer and realization method of the personal data that he/she allows to be processed with sufficient information and free will, and gives permission and consent to the processing of his/her personal data.
WHAT IS CLARIFICATION TEXT?
It is a text prepared in a clear, understandable and plain language that is far from terminology, proving that the data owner has been adequately informed about the procedures and principles regarding the processing of personal data by the data controller and that the data controller has fulfilled his obligation to inform.
WHO IS THE DATA CONTROLLER?
Data controller refers to the natural or legal person who determines the purposes and means of processing personal data, is responsible for the establishment and management of the data recording system, and at the same time, the processing of personal data and the purpose of processing, the types of personal data to be processed, the purposes for which the processed personal data will be used, the personal data of whose personal data will be used. It is the person who determines the processing of personal data, the sharing of personal data and the persons to be shared, the storage period of personal data, the right of access and the implementation of other rights of the data subjects.
WHAT ARE THE OBLIGATIONS OF DATA CONTROLLER?
Data controller within the scope of Article 12 of The Protectıon Of Personal Data (“KVKK”) is obliged to:
• To prevent the unlawful processing of personal data,
• To prevent unlawful access to personal data,
• To ensure the protection of personal data.
In order to fulfill these obligations, the data controller must take all necessary technical and administrative measures to ensure the appropriate level of security.