The Law on the Protection of Personal Data entered into force after being published in the Official Gazette dated April 7, 2016 and numbered 29677. The Law on the Protection of Personal Data was enacted based on the concept of protecting the rights and freedoms of individuals and includes conditions such as processing, storage, deletion and destruction of personal data within the specified framework for the same purpose as similar laws that have been enacted in different ways in many countries around the world.
KVKKPlus considers the Law as a whole and ensures that the data is securely processed, stored, shared and destroyed in accordance with the law. For this purpose, it examines technical and administrative measures, identifies gaps and elimination actions, fulfills administrative requirements and provides trainings.
KVKKPlus handles the Law on the Protection of Personal Data as a whole with its Legal, Data, Information Technologies, Human Resources and Process dimensions.
Although organizations may think that by completing and updating their Verbis (Data Controllers’ Registry) registrations, which the law requires as a priority, they largely avoid the risk of penalties, we should not forget that “Data” is the value that the law seeks to protect. The law also states that Verbis registrations are only the first step in this journey and that structural steps should be taken afterwards.
The Law on the Protection of Personal Data is perhaps the most comprehensive regulation on data in our history, and companies that fully comply with the law are not only protected from the risk of high fines, but also have the following benefits that increase the company’s revenues:
Within the framework of KVKK, organizations should address their requirements with a structural integrity for a sustainable maturity and compliance. This integrity can only be possible by addressing the following components together.
With KVKK+, we address and implement all components of the KVKK compliance processes of organizations together.
“KVKKPlus Evaluate and Implement” includes the realization of these studies and bringing the maturity to the desired level together with the evaluation and audit work in order for organizations to fulfill the requirements of the law and increase their maturity.
“KVKKPlus Update” provides update services by addressing the 5 components required according to regular audits and changes in order to ensure the continuity of compliance with the law in the changing daily business processes of organizations and changing environmental conditions.
KVKKPlus operates in the above-mentioned contents in every area where personal data is hosted, processed and shared as indicated by the Law. It produces results and offers solutions for the organization to fulfill all its obligations to the Law, its customers and employees.
KVKKPlus includes the following defined services to increase Data maturity in line with the principles set by the Law. These services can be handled independently of each other or can be used in a continuous manner starting from the appropriate place in the determined flow.
The Snapshot Service is a study that can provide a limited insight into the current situation of organizations. It is a report containing findings and recommendations that can be seen from the outside, without the need to spend resources on organizations, without the need to touch their existing internal structures.
This report contains findings on the specified process, technology, law and data areas.
This service is the service of evaluating the organization in terms of Law, Technology, Data, Process and Human dimension according to the requirements of the law and presenting the results in terms of risk, impact and effort specific to these areas. The report obtained as a result of this service enables the organization to see the risks related to KVKK and to determine the road map in the process of eliminating these risks and compliance. At the same time, it allows the project to be placed on the calendar by projecting it in the order of resource cost and importance. This service is critical for organizations to be able to look at all areas while determining what needs to be done within their organization in the process of compliance with the Law, that is, to evaluate all areas of Human, Process, Technology, Law, Data with a 360-degree angle, and to decide and prioritize what needs to be done in these areas by knowing the parameters such as resource cost, risk magnitude, impact magnitude.
Every organization has a different roadmap in the KVKK compliance process. KVKK+ REVIEW service determines the current situation of the organization and provides the creation of a roadmap by supporting what needs to be done with enlightening content. Meeting the identified requirements may require different skill sets or additional resources, and these requirements are provided by the KVKK+ APPLICATION service. Within the scope of the KVKK+ APPLICATION service, compliance activities are carried out within the framework of the determined plan, reported regularly and the development of the organizations is shown on the “maturity development map”. Thanks to the KVKK+ feature, these services are offered in Human, Process, Technology, Legal and Data dimensions.
Although it is possible to reach the targeted point by realizing projects in the KVKK maturity process, the maturity achieved must be maintained in line with changing practices, processes and even legislation. Many additional activities such as planning current activities specific to changes, providing relevant reporting, designing new processes or organizing existing processes have entered our lives thanks to the law. KVKK+ CURRENT service determines the most appropriate activities to be done according to the organization and the sector in which the organization is located, performs them if desired, reports them and keeps the maturity level of the organization at the desired level.
Current Situation Analysis
Analyses are conducted in 5 areas with the employees of the organization, both on-site and remotely, and a current situation report is created as a whole. This report outlines the requirements in all areas in terms of impact, risk and importance, and allows us to see the position of the organization on a sectoral basis and according to general averages.
Determining the Road Map
The organization evaluates the results obtained and determines the road map that is appropriate for its resources and strategies.
Awareness, Information and Training
Activities are carried out in a way to inform the Human Resources of the organization, which is the primary factor in the proposed flow, about the law, to receive the necessary trainings and to maximize their awareness of the law.
All processes of the organization such as document, contract, information sharing, integration, application development, access to data are designed and made operational.
In addition, processes such as anonymization, deletion, destruction, blackout, masking and reporting for data are also designed and made operational.
Information security projects related to the Protection of Data required by the Law are determined, and efforts are made to realize the ones that are in line with the strategies of the Institution in the appropriate order. These areas are account management, data security, infrastructure security and application security.
Projects for Data Management
Projects related to the Management of Sensitive Data required by the Law are determined, and efforts are made to realize the ones that are in line with the strategies of the Institution in the appropriate order.
Preparation of Clarification and Explicit Consent texts defined in the Law in accordance with the relevant criteria, determination of privacy policies, examination and revision of contracts in terms of KVKK obligations, preparation and revision of personal data protection inventories, examination of data sharing parties (including domestic and foreign) and making them compliant with the legislation.