KVKK LAW

The KVKK Law on the Protection of Personal Data No. 6698 was published in the Official Gazette on 7 April 2016 and 29677 numbered entered into force. Turkish Data Protection Authority was established under the same Law in Ankara.Turkish Data Protection Authority has been established as an independent regulatory authority having organisational and financial autonomy and having a public legal entity in order to fulfill the duties under the Law. The Authority is composed of the Personal Data Protection Board and the Presidency.

The purpose of this Law is to protect fundamental rights and freedoms of persons, particularly the right to privacy, with respect to processing of personal data and to set forth obligations, principles and procedures which shall be binding upon natural or legal persons who process personal data.

The provisions of this Law shall apply to natural persons whose personal data are processed and to natural or legal persons processing such data wholly or partially by automated means or by non-automated means which provided that form part of a data filing system.

The time for compliance with the KVKK Law on the Protection of Personal Data ended in April 2018. All individuals and institutions that process personal data must complete their work on compliance with the law as soon as possible.

What is Personal Data in KVKK Law?

Personal Data is any information relating to an identified or identifiable natural person. In this case, it can be said that basically two criteria are used to differentiate personal data from non-personal data. Accordingly, in order that any data is defined as personal data, the data must be related to a person and that person must be identified or identifiable.

Who is Data Subject in KVKK Law?

Data protection only applies to the data of the natural persons under the Law. Therefore, “data subject” is used in the Law to express natural person whose personal data is being processed. The person to be protected is “natural person” as stated in the definitions in the Regulation.

If personal data of a legal person identifies or makes identifiable a natural person, these data are protected under the Law as well. However, interest to be protected here belongs to the natural person, not legal person, since the Law does not cover the processing of personal data concerning legal persons.

Who is Data Controller?

Data controller is the natural or legal person who determines the purposes for which and means by which personal data is processed and is responsible for establishing and managing the data registry system. Legal persons are themselves “controllers” while processing personal data, liabilities stated in the relevant regulations shall belong to the legal persons. There is no difference between public legal persons and private legal persons.
According to the law, controller is the person who determines the purposes for which and means by which personal data is processed. In other words, it is the person who shall answer the questions of “why” and “how” of the processing activities.

What is Processing of Personal Data ?

Processing of personal data is the series of operations that are carried out on personal data such as collection, recording, storage, retention, alteration, re-organization, disclosure, transferring, taking over, making retrievable, classification or preventing the use thereof, fully or partially through automatic means or through non-automatic means only for the process which is a part of any data registry system set out in the Law.

Check Our Personal Data Protection KVKK Compliancy Services in Turkey