What is Personal Data?
Need
Data transfer, which foreign capital needs to invest and manage effectively, was not realized due to the lack of legal regulation and was considered as a deterrent to foreign capital acquisition.
Purpose of the Law
The Law aims to prevent unlimited and indiscriminate collection of personal data, its disclosure to unauthorized persons, disclosure or violation of personal rights as a result of misuse or abuse.
Measures
Administrative Measures
Preparation of Personal Data Processing Inventory – Corporate Policies (Access, Information Security, Use, Storage and Destruction, etc.) – Contracts (Data Controller – Data Controller, Data Controller – Data Processor) ) – Contracts (Data Controller – Data Controller, Data Controller – Data Processor) – Confidentiality Undertakings – Internal Periodic and/or Random Audits – Risk Analyses – Employment Contract, Disciplinary Regulation (Addition of Provisions in Compliance with the Law) – Corporate Communication (Crisis Management, Board and Data Subject Information Processes, Reputation Management, etc.) – Training and Awareness Activities (Information Security and the Law) – Notification to the Data Controllers Registry Information System (VERBIS)
Technical Measures
Authorization Matrix -Authorization Control -Access Logs -User Account Management -Network Security -Application Security -Encryption -Penetration Testing -Intrusion Detection and Prevention Systems -Log Records -Data Masking -Data Loss Prevention Software -Backup -Firewalls -Up-to-date Anti-Virus Systems -Delete, Destroy or Anonymize -Key Management