Turkish Personal Data Protection Law (KVKK) 

'Law on the Protection of Personal Data No. 6698', which has been pending for many years and entered into force after being published on April 7, 2016, protect the fundamental rights and freedoms of individuals, especially the privacy of private life, in the processing of personal data, and regulate the rules and obligations of real and legal persons processing personal data. has the purpose.

Except for the exceptions set out in the Law, personal data shall not be processed without the express consent of the person concerned; will not be transferred to third parties and abroad. In case of failure to comply with the articles mentioned in the separate articles of the Law, institutions may be subject to administrative fines. According to the law, a prison sentence of one to three years is provided for those who violate personal data. In addition, the person who seizes this data through a violation may be sentenced to imprisonment from 2 to 4 years. Administrative fines may increase from TL 5,000 to TL 1,000,000, depending on the unfulfilled item (s).

Law on Protection of Personal Data; personal data are considered as the information entrusted to the institutions and organizations by their original owners; It provides the basis for the institutions that process the data to be accountable to the original owners of the data they are entrusted with, and defines the rules. The law brings about an important transformation for institutions that process personal data. The main question of the institutions is: What should we do to be accountable about the personal data we receive from the trustees? En The institutions that can answer this question will also comply with the Law on Protection of Personal Data.

In terms of metadological aspects, Corporate Architecture and Information Security perspective are very important to meet the Law on Protection of Personal Data.

From the point of view of Corporate Architecture, Business Services, Processes, the roles and responsibilities of the participants (person, organization unit or systems) in which the data is processed, the data accessed by the application software and systems used by the participants, and the technology components in which the data is stored or processed are end-to-end. Corporate Architecture.

From an Information Security point of view, information security issues such as Access Security and Management, Software authorizations and Application Control, Device Control, Database authorizations and security, and Network Access routines and Management stand out.

Please click here to reach the related legal regulations.