KVKK Consultancy

KVKK Consultancy

KVVK means Personal Data Protection Law.

KVKK has carefully determined the obligations and rules to be followed by companies that process personal data in order to protect the fundamental rights and freedoms of individuals, from personal data to businesses or to the privacy of private life.

The KVKK Law applies to natural persons whose personal data are processed, and to natural and legal persons who process this data fully or partially by automatic or non-automatic means, provided that it is part of any data recording system. In other words, this law covers anyone who processes some or all of the personal data.

What is KVKK Compliance Consultancy?

Our company undertakes the management process of the measures to be taken by data controllers in order to meet the obligations listed under the heading of Administrative and Technical Measures determined for data controllers within the scope of KVKK No. 6698.

Scope of Administrative Measures to be Taken by the Data Controller

  •  Preparation of Personal Data Processing Inventory
  •  Corporate Policies
  •  Contracts
  •  Privacy Commitments
  •  Internal Periodic or Random Audits
  •  Risk Analysis
  •  Employment Contract, Disciplinary Regulation
  •  Corporate communications
  •  Education and Awareness Activities
  •  Notification to Data Controller Registry Information System
  •  Scope of Technical Measures to be Taken by the Data Controller
  •  Authority Matrix or Authority Control
  •  Internal Access Logs or Log Records
  •  User Account Management facilities
  •  Network Security, Application Security, Firewalls all
  •  Ciphers
  •  Penetration Tests
  •  Attack, Detection and Prevention Systems
  •  Data Masking methods
  •  Data Loss Prevention Software, Backups
  •  All Current Antivirus Systems
  •  Deletion, Destruction and Anonymization possibilities
  •  Key Managements

What do we provide within the scope of KVKK Consultancy Service?

STD Bilişim provides a completely professional service in KVKK Consultancy Service, including GAP Analysis and Due Diligence, Work Steps and Application Support for Project Processes, and Preparation of Relevant Documents within the Scope of the Project. Initial examination and detection facilities are also offered.

1) GAP Analysis and Due Diligence

  • Analysis of Business Activities, Processes and Workflows and Determination of Administrative and Technical Measures taken in this context
  • Analysis of Processes Related to Employee, Customer, Visitor and Supplier Data
  • By examining the policies and procedures regarding information security and protection of personal data in the business, adequacy analysis and determination of improvement points
  • Examining the compliance status of all contract types within the scope of KVKK and determining the improvements to be made to ensure compliance and taking the right steps.
  • Evaluation and probabilities.

2) Work Steps and Application Support for Project Processes

  • It consists of corporate assignment regarding personal data management, communication structure and organization, job description and process management regarding application management.
  • Recommendations are made in line with legal compliance, meeting the demands of KVKK and related secondary legislation and business needs.
  • The company's current processes and activities are examined, and analyzes are carried out together with the process owners to identify personal data and create a data inventory.
  • By categorizing the data purposes and analyzing the compliance of the processes with the law in terms of process and information security, a data inventory is ultimately created.
  • Self-assessment of system, application and information security risks used in the field of Information Technologies is carried out.
  • Information and Explicit Consent texts are created in accordance with the Communiqué on the Procedures and Principles to be Followed in Fulfilling the Information Obligation.
  • Within the scope of Information Security, contracts are reviewed and handled and Confidentiality Commitments are created.
  • for the company in a way that meets the administrative measures in the Personal Data Security Guide published by the Personal Data Protection Authority. Personal Data Processing and Protection Policy, Data Storage and Destruction Policy, Precautionary Policies Regarding Special Personal Data, Information Security Policies and procedures are established.
  • KVKK Awareness Training is provided to company employees.
  • Risk Analysis and Audit Report, listed under the administrative measures heading, is being prepared.
  • Recommendations regarding the work that the company should do within the scope of technical measures are shared, and 27001 Information Security sample documents are shared.
  • The prepared Data Inventory is registered to VERBIS together with the company.

3) Documents Prepared Within the Scope of the Project

  • Explicit consent texts
  • Clarification Texts
  • Corporate Policies
  • Privacy Commitments
  • Training Documents
  • Data Inventory
  • Data Controllers Registry Forms
  • Audit Report
  • Risk analysis
  • Request, Complaint, Violation Management and Job Descriptions

Personal Data Protection Law – KVKK

Nowadays, both public and private institutions and organizations may always need personal information depending on the nature of the transactions to be carried out. Information that constitutes personal data in connection with the provision of a service has been collected and processed by institutions and organizations for a long time. There are many different reasons for performing this procedure. In some cases, it originates from the law and in other cases, it is based on the contract. Protection of personal data provided by the individual or received depending on the nature of the transaction is provided by law. Collecting personal data has become inevitable in order to maintain social and economic life in order, to benefit from public services effectively and correctly, to develop, market and distribute goods and services in a quality manner. However, this cannot be done unlimitedly and arbitrarily and should not be done.

What Does the Personal Data Protection Law Provide?

Personal data protection law It basically aims to protect the individuals who own personal data, not the data itself. By processing and regulating personal data, fundamental rights and freedoms are protected. It is possible to protect personal data in order to prevent the relevant person from being victimized or exposed to different negativities, especially if it is learned by others. Except for the exceptions specified in the law, personal data cannot be processed or collected without the explicit consent of the data subject. It cannot be transferred to third parties or abroad. This situation is addressed in many separate articles within the personal data protection law. If these articles are not complied with, institutions may be subject to administrative fines. In case of violation of personal data, the violator is sentenced to imprisonment from 1 to 3 years, and the person who obtains this data through the violation is sentenced to imprisonment from 2 to 4 years. The law on the protection of personal data was enacted to prevent the individual from being victimized due to a service or similar transaction received in both his social and personal life.


Optimized with PageSpeed Ninja