Information Security and K.V.K.C.

What is Information Security?

Information security is the protection of information, as a type of asset, against unauthorized access, use, modification, disclosure, destruction, transfer and damage. It rests on three basic elements: "confidentiality", "integrity" and "availability" (accessibility). If any of these three basic security elements is compromised, a security vulnerability exists.

     • Confidentiality: Information is protected against unauthorized access and disclosure.
     • Integrity: Information is not altered by unauthorized persons.
     • Availability: Information is accessible and usable when needed by authorized persons.

Information Security Management System

An information security management system is a system that ensures the security and integrity of information and allows authorized persons to access information easily when necessary. It is abbreviated as ISMS. It is regulated by the international ISO 27001:2013 standard. An organization that fulfills the requirements of this standard has taken an important step towards ensuring the security of its information assets, which are among its most valuable assets.

Official License: A non-transferable permission granted by a public authority to carry out an activity that is restricted or regulated by law.
An ISMS (BGYS in Turkish) is the process of protecting information from unauthorized use, unauthorized disclosure, unauthorized destruction, unauthorized modification or damage, and of preventing unauthorized access to information. The terms information security, computer security and information assurance are often used interchangeably. These areas are related and share the common goals of protecting the confidentiality, integrity and availability of information.

ISO 27001 Information Security Management System

The Information Security Management System (ISMS) standard covers all types of organizations (for example, commercial organizations, public institutions, non-profit organizations). This standard specifies the requirements for establishing, implementing, monitoring, reviewing, maintaining and improving a documented ISMS in the context of all business risks of the organization. It also specifies requirements for implementing security controls tailored to the needs of individual organizations or parts thereof.

ISMS is designed to provide adequate and proportionate security controls that protect information assets and give confidence to relevant parties.

Who Does ISO 27001 Concern?

ISO/IEC 27001 is suitable for all organizations, large or small, from any country or industry in the world. This standard is particularly necessary in areas where the protection of information is of paramount importance, such as the finance, healthcare, government and IT sectors.
ISO/IEC 27001 is also very important for organizations that manage information on behalf of others, such as IT outsourcing companies: it can be used to reassure customers that their information is protected.

Benefits of establishing an ISO 27001 Information Security Management System

     • Recognizing information assets: The organization learns which information assets it has and what they are worth.
     • Ability to protect its assets: It determines the controls and protection methods it will establish and protects its assets by applying them.
     • Business continuity: It secures its business for many years. In addition, in the event of a disaster, it retains the ability to continue operating.
     • Being at peace with the relevant parties: Because their information, especially that of suppliers, will be protected, it gains the trust of the relevant parties.
     • It protects information through a system rather than leaving it to chance.
     • When evaluated by its customers, it is rated more highly than its competitors.
     • It increases the motivation of the employees.
     • It prevents legal proceedings.
     • It provides high prestige.

What is KVKK and What Are Our Responsibilities?

KVKK stands for the Law on the Protection of Personal Data. In this content you can find answers to the questions of what the KVKK is, when it came into force, and what the purpose and scope of the law are. First of all, we would like to start by explaining the concept of data, that is, information. Information is the name given to all the facts, truths and principles that the human mind can grasp. Information has been among our most important assets throughout history. It has been the greatest source of wealth, wisdom and, most importantly, technology. There was information a thousand years ago and it still exists today. In the same way, we set rules to protect information a thousand years ago, and today we develop laws, rules and standards to protect it. Information has always been important throughout human history.

Likewise, information is among the most important assets of an institution. Organizations compile, share, sell or use the information they hold to produce a product or a service. Institutions suffer when access to information is not possible, or when the information required for the value and products they produce is stolen or altered.

Information is sometimes stored on our desks, sometimes in books, sometimes on paper, and sometimes in specially designed systems. Most importantly, information is in the minds of employees. For this reason, information must be protected appropriately, regardless of the environment it is in.

Since the middle of the twentieth century, it has become easier to obtain information thanks to the developments in the fields of communication and technology. Likewise, access to information has become much easier for malicious people who want to steal, harm or share information.

Information is the most important capital of the technology age we live in.

Today, countries, institutions, companies and even individuals have started to digitize rapidly through business or entertainment tools, and as a result information has become much more important for everyone.

As access to information became easier, it attracted the attention of malicious people, and as the value of information increased, attacks increased with it. Technology has not only made our access to information much easier, but has also given attackers new techniques and new methods.

We Have To Protect Data In Any Environment!

Both public and private institutions and organizations have long been collecting, selling or sharing personal data in order to launch a service or product. However, within the scope of the fundamental rights and freedoms of individuals, the protection of data during data processing should be a priority.

It has become inevitable to collect personal data for the continuation of the services provided by institutions, for the effective delivery of public services, and for the development, distribution and marketing of goods and services.

While this data is being collected, it should be mandatory, for the sake of our personal rights and freedoms, to prevent personal data from being collected in an unlimited and random manner, from being made accessible to unauthorized persons, from being disclosed, and from violating personal rights as a result of misuse or abuse.

For this reason, "Convention No. 108 on the Protection of Individuals with regard to Automatic Processing of Personal Data" was opened for signature by the Council of Europe on 28 January 1981, in order to protect personal data to the same standards in all member countries and to determine the principles of cross-border data flow. It was signed within the scope of the European Union membership process.

This agreement was finally published in the Official Gazette on 17 March 2016 and included in domestic law.

What is the Right to Protection of Personal Data?

With the constitutional amendment made in 2010, the right to demand the protection of personal data was regulated as a fundamental right in Article 20 of the Constitution, which governs the privacy of private life, and is included in the section of the Constitution on the rights and duties of the individual. Like other rights, the right to the protection of personal data may be limited in favor of other rights and freedoms within the limits drawn by the Constitution. The Draft Law on the Protection of Personal Data, prepared within the scope of harmonization with the European Union, was submitted to the Presidency of the Turkish Grand National Assembly on January 18, 2016.

When did KVKK come into force?

The KVKK law text in question was adopted by the General Assembly of the Grand National Assembly of Turkey on 24 March 2016 and entered into force after being published in the Official Gazette dated 7 April 2016 and numbered 29677.

What is KVKK?

KVKK is the Law on the Protection of Personal Data. At the same time, the KVKK institution has entered our lives in order to operate this law and run its processes. After this date, audits started and serious steps were taken to protect personal data. The KVKK law, which had been waiting as a draft for a long time, was published in the Official Gazette on 7 April 2016 and entered into force. In this way, the obligations of companies that process personal data, and the rules to be followed in order to protect the fundamental rights and freedoms of individuals, from the processing of personal data to the privacy of private life, were determined.

What is the Purpose of the Law No. 6698 on the Protection of Personal Data?

This law, which was prepared taking into account international documents, comparative law practices and the needs of our country, aims to ensure that personal data are processed and protected to contemporary standards.

The purpose of the KVKK Law is to regulate the conditions for the processing of personal data, the protection of the fundamental rights and freedoms of individuals in the processing of personal data, the obligations of natural and legal persons who process personal data, and the procedures and principles to be followed. Protecting the privacy of the individual and ensuring data security are also considered within this scope. With the KVKK law, it is aimed to prevent the violation of personal rights as a result of the unlimited and random collection of personal data, making it accessible to unauthorized persons, and its disclosure, misuse or abuse.

Who Covers the Personal Data Protection Law?

The KVKK Law applies to natural persons whose personal data are processed, and to natural and legal persons who process this data fully or partially by automatic means, or by non-automatic means provided that the processing is part of a data recording system. In other words, this law covers anyone who processes some or all of such data.

Since the Law refers to natural persons whose data are processed, everyone who has legal capacity is included in the scope of this Law. However, since the term "natural persons whose personal data are processed" is used in the Law, legal entities whose data are processed are excluded from its scope. In terms of those who carry out data processing activities, the Law does not distinguish between natural persons and legal persons. On the other hand, those who process data without being part of a data recording system are excluded from the scope of the Law.

Protection of Personal Data

When it comes to the protection of personal data, the first aim is to discipline the processing of personal data and to protect fundamental rights and freedoms. In fact, the protection of personal data basically aims to protect the people to whom the data relate, not the data itself.

According to the wording of the law, it refers to the administrative, technical and legal measures aimed at protecting individuals from damages arising from the fully or partially automatic or non-automatic processing of data about them, embodied in the principles regarding the protection of personal data.

What is the Definition of Personal Data?

According to the law, "personal data" refers to any information relating to an identified or identifiable natural person. In order to be able to talk about personal data, the data must relate to a natural person, and this person must be identified or identifiable. In other words, the condition is that the person can be clearly determined from the stored or processed data.

To give an example: "Cyber Security Specialist Ali Ahmet, ali.ahmet@example.com". Looking at this example, we can clearly say that it refers to a single person, since the title, name, surname and e-mail address appear together.

Personal data relate to natural persons; data relating to legal entities fall outside the definition of personal data. Therefore, information regarding a legal entity, such as a company's trade name or address, will not be considered personal data (except where it can be associated with a natural person).

Making the person identified or identifiable: Personal data are not only data that directly reveal the identity of the person concerned; they also include all information that enables the person to be identified as a result of being associated with any record.

All kinds of information: This expression is extremely broad. It covers not only information that directly reveals a natural person's identity, such as name, surname, date of birth and place of birth, but also phone number, motor vehicle license plate, social security number, passport number, resume, pictures, video and audio recordings, fingerprints, e-mail address, hobbies, preferences, people interacted with, group memberships, family information, health information, etc., that is, all data that makes the person identifiable, even indirectly.

What Does Sensitive Personal Data Mean?

Special categories of personal data are data that, if learned by others, may cause the person concerned to be victimized or discriminated against. Examples of special categories of personal data are a person's race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, attire and dress, membership of associations, foundations or unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data. Accordingly, sensitive personal data imposes responsibilities on many sectors.

What Does the Processing of Personal Data Mean?

The processing of personal data refers to any operation performed on data, such as obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available, classifying, using or blocking personal data, completely or partially by automatic means, or by non-automatic means provided that the processing is part of a data recording system. For example, merely storing personal data on a disk, CD or server is a data processing activity, even if no other operation is performed on the data. In other words, storing personal data is also processing personal data.

What Do the KVKK Law No. 6698 and the Obligation to Inform Mean?

The KVKK Law No. 6698, which provides control and sets the rules for the processing of personal data, aims to protect fundamental rights and freedoms. Article 10 of the Law No. 6698 on the Protection of Personal Data, published in the Official Gazette dated 7 April 2016 and numbered 29677, is titled "Obligation of the Data Controller to Inform". The Communiqué on the Procedures and Principles to be Complied with in Fulfilling the Obligation to Inform, published in the Official Gazette dated 10 March 2018 and numbered 30356, protects the rights and freedoms of consumers regarding the storage, sharing, use and similar handling of their personal data. Before processing consumers' data, information must be given in accordance with the obligation to inform, and it has become mandatory to inform consumers and obtain their explicit consent for processing, sharing and similar situations.

What Does the Automatic Processing of Personal Data in the Law Mean?

The law does not define what automatic processing is. In this context, fully or partially automated processing can be defined as carrying out automatic or partially automatic processes, such as recording data, applying logical or arithmetic operations to the data, and changing, deleting, recovering or transferring data, while minimizing the need for human intervention or assistance.

In other words, automatic data processing covers all processing activities carried out by devices with processors (computers, phones, watches, etc.) that occur on their own, without human intervention, within the scope of algorithms prepared in advance through software or hardware features.

What Does Non-Automated Processing of Personal Data Mean?

Processing by non-automatic means, as part of a data recording system, refers to a processing activity that is carried out manually but still facilitates access to and interpretation of the data. As stated above, even if personal data are not processed automatically, they are still subject to the provisions of the Law when they are processed through a "data recording system".

The Personal Data Protection Authority was established a while ago as an autonomous institution in our country in order to follow the studies and practices for the protection of personal data. The purpose of the institution, referred to as KVKK, is stated as ensuring the protection of personal data in our country and raising awareness about it, within the scope of the protection of the privacy of private life and the fundamental rights and freedoms stipulated in the Constitution, as well as creating an environment that increases the international competitive capacity of private and public actors in the data-based economy. Its vision is defined as being an effective and internationally influential authority in the protection of personal data and in the formation of citizen awareness regarding it.

Within the scope of the law, companies, government institutions, universities, foundations, chambers, associations, and small or large enterprises and organizations were given until June last year to establish a management system for the protection of personal data and to comply with the Personal Data Protection Law. Then, the KVKK institution started to audit and examine the notifications. Misdemeanors within the scope of the law carry an administrative penalty of between 5,000 and 1,400,000 TL, and institutions that do not establish a legal system for the protection of personal data may be closed down.