What is GDPR?
The EU General Data Protection Regulation (EU GDPR), implemented within the European Union, which carries significant weight in Turkey's exports, has been in force since May 25, 2018.
GDPR introduces very strict regulations and imposes heavy penalties on companies that do not act properly in relation to personal data, up to 4 percent of annual turnover or up to 20 million euros.
It affects all companies engaged in e-export to the countries of the European Union. The new regulation puts the individual at the center. Companies must describe every process in which personal data is requested in a clear, transparent and understandable manner. GDPR also makes it easier for users to withdraw previously granted data processing permissions at any time.
The EU GDPR (EU General Data Protection Regulation) was enacted on Friday, May 25, 2018 in order to protect the personal information security and privacy rights of the citizens of the European Union. GDPR, described as one of the biggest reforms the EU has made in the protection of personal data in recent years, closely concerns companies engaged in e-export to European Union countries because of the regulations it introduces.
Those who do not comply with EU data security regulations may face fines of up to 20 million Euros
The new regulation draws very clear lines. Because it is built around the user, all of its articles define the steps companies should take entirely from the user's perspective.
In GDPR, the user is referred to as the "data subject". This regulation, built around each person's own personal data, places important limitations and restrictions on companies. Companies that disregard this may have to pay significant penalties. Companies that sell services or goods to EU countries via Turkey may face fines of up to 20 million euros for GDPR violations.
5 important points in the new GDPR
If you have a company that exports goods or services to the EU, it is a good idea to review your GDPR compliance. The five main points that companies should take into consideration to comply with GDPR are as follows:
1- Wide Range of Authority:
GDPR compliance will be required of all companies that process the personal data of anyone living within the European Union, regardless of where the company is located. For example, if your Turkey-based e-commerce site sells to customers in Germany, GDPR compliance will be required for all the data you collect at every step from pre-sales to post-sales. (Email membership, SMS notification, website monitoring and tracking tools, etc.)
2- High Penalties:
All institutions and organizations, including controllers and processors that are not compliant with GDPR, may be fined up to 4% of their annual global turnover or up to 20m euros (whichever is greater).
When requesting personal information from the user, consent must be sought in a clear and easily understandable manner, and the request must be presented so that it can be distinguished from other processes or matters. Users who change their mind should be able to withdraw their prior consent easily and quickly. In addition, companies will only be able to request personal data that is really relevant to the services they offer. For example, channels such as email, SMS, or in-app notifications should be manageable in a very clear and visible way. The user should be able to turn off notifications in a simple way.
4- Infringement Notices:
Violation notices will be mandatory. According to the new regulation, the institution or organization must complete the notification process within 72 hours after it becomes aware of the violation. For example, if an intrusion into the database is detected, the affected users should be identified within 72 hours, they should be informed of the violation in a clear and transparent manner, and remedies should be addressed.
The new regulation requires that data protection be built into processes from the outset when systems are designed, rather than added on afterwards. Therefore, companies need to design their systems in accordance with the new regulation from the very first day.
All companies doing business with the European Union need to address the issue with care and urgency. In order to collect, store and process information belonging to their customers and related persons, they must first clearly state the purpose for which this information is requested. If the purpose changes, consent must be obtained again from the person concerned.
Therefore, we recommend that all companies with commercial relations with the EU thoroughly review how they use personal data before handling it. They should make sure that the relevant procedures are understandable, that there are no gaps, and that they fully comply with the renewed GDPR regulation of the European Union. Moreover, they should do this very quickly, because the regulation will be in force as of May 25, 2018. Otherwise, companies may face serious sanctions.
Will GDPR affect your company?
GDPR applies both to organizations within the European Union and to companies outside the European Union. All companies that offer goods or services to European citizens or monitor their behavior are affected by GDPR regulations. GDPR has a very broad scope because it applies to both controllers and processors.