KVKK/GDPR Consultancy

What is Personal Data?

Data that refers to any information relating to an identified or identifiable natural person is personal data..

Data transfer, which foreign capital needs to invest and manage effectively, was not realized due to the lack of legal regulation and was considered as a deterrent to foreign capital acquisition.
Purpose of the Law
The Law aims to prevent unlimited and indiscriminate collection of personal data, its disclosure to unauthorized persons, disclosure or violation of personal rights as a result of misuse or abuse.


Administrative Measures
Preparation of Personal Data Processing Inventory – Corporate Policies (Access, Information Security, Use, Storage and Destruction, etc.) – Contracts (Data Controller – Data Controller, Data Controller – Data Processor) ) – Contracts (Data Controller – Data Controller, Data Controller – Data Processor) – Confidentiality Undertakings – Internal Periodic and/or Random Audits – Risk Analyses – Employment Contract, Disciplinary Regulation (Addition of Provisions in Compliance with the Law) – Corporate Communication (Crisis Management, Board and Data Subject Information Processes, Reputation Management, etc.) – Training and Awareness Activities (Information Security and the Law) – Notification to the Data Controllers Registry Information System (VERBIS)
Technical Measures
Authorization Matrix -Authorization Control -Access Logs -User Account Management -Network Security -Application Security -Encryption -Penetration Testing -Intrusion Detection and Prevention Systems -Log Records -Data Masking -Data Loss Prevention Software -Backup -Firewalls -Up-to-date Anti-Virus Systems -Delete, Destroy or Anonymize -Key Management

Data Controller Obligations

Data Controller refers to the natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.

Although the Data Controller has many obligations under the law, some of them are shown.

Disclosure Obligation
Obligations Regarding Data Security
Fulfillment of Board Decisions
Registration to the Data Controllers Registry System
Administrative Fines
Breach of Disclosure Obligation: TL 5.000- TL 100.000
Breach of Data Security Obligation: TL 15.000 - TL 1.000.000
Failure to Comply with Board Decisions: TL 25,000 - TL 1,000,000
Violation of Registration Obligation: TL 20.000 - TL 1.000.000

We provide KVKK Consultancy Services to institutions and organizations in order to increase personal data security by ensuring the confidentiality and protection of personal data for the protection of Personal Data.