GDPR is an acronym (from Turkish for Personal Data Protection Law No. 6698, but here substituted as requested). This regulation has been enacted to protect the fundamental rights and freedoms of individuals, especially the privacy of their private lives, during the processing of personal data. It also regulates the procedures and principles that must be adhered to by natural and legal persons who process personal data, whether wholly or partially by automated means, or by non-automated means as part of any data recording system.<\/p>\n\n\n\n
Furthermore, this regulation refers to the abbreviations of the Data Protection Authority (Ki\u015fisel Verileri Koruma Kurumu), an institution established by this regulation with administrative and financial autonomy and public legal personality, along with the Data Protection Board, whose powers and duties are enumerated in the relevant law.<\/p>\n\n\n\n
Any information relating to an identified or identifiable natural person that reveals their identity and is specific to them (such as name, surname, date of birth, home address, work address, email address, IP address, phone number, fax number, credit card information, national identification number, tax identification number, passport number, social security number, driver's license number, vehicle license plate, resume, photograph, video, etc.) is considered personal data under the scope of GDPR. Its processing by natural or legal persons is only possible with the explicit consent of the data subject.<\/p>\n\n\n\n
Furthermore, under Article 6 of the Personal Data Protection Law No. 6698, certain data are listed as special categories of personal data. These include an individual's race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, dress and appearance, membership in associations, foundations, or trade unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data. The processing of such data is prohibited without the explicit consent of the data subject.<\/p>\n\n\n\n
GDPR consent (referring to the equivalent concept as defined in Article 3, titled Definitions, of the Personal Data Protection Law No. 6698) is defined as consent given freely, based on specific information, and with explicit indication of the data subject's wishes. As understood from this definition, informed consent is mandatory.<\/p>\n\n\n\n
The absence of a prescribed format for how this information should be provided and how explicit consent should be obtained makes it possible for the Privacy Notice and its accompanying acceptance button in electronic environments, or through call centers, to fulfill the GDPR obligations. This is provided that the burden of proof remains with the data controller.<\/p>\n\n\n\n
In 1995, the European Union adopted the \"Directive on the Protection of Individuals with regard to the Processing of Personal Data and on the Free Movement of Such Data\" to harmonize personal data protection regulations among member states.\n\nThis Directive served as a foundational text for legal regulations within member states' domestic laws, including Turkey. It also laid the groundwork for the European Union General Data Protection Regulation (GDPR) No. 2016\/679, which was enacted by the European Parliament, the Council of Europe, and the European Commission in 2016, came into force in 2018, and remains the current applicable legislation in the EU today.<\/p>\n\n\n\n
In our country, GDPR (referring to the equivalent concept as it relates to Turkish law), was prepared with the aim of effectively protecting human rights, supporting EU accession negotiations, and fostering international cooperation and trade. It was submitted to the Grand National Assembly of Turkey on December 26, 2014.\n\nThe regulation was enacted on March 24, 2016, and came into force upon its publication in the Official Gazette (Issue No. 29677) on April 7, 2016.<\/p>\n\n\n\n
Article 2 of the Personal Data Protection Law No. 6698 (here, substituted to reflect GDPR as requested) outlines the scope of the law, stating it applies to \"natural and legal persons who process personal data wholly or partially by automated means, or by non-automated means provided that it is part of any data recording system.\"<\/p>\n\n\n\n
Personal data processing refers to any operation performed on personal data, such as its acquisition, recording, storage, retention, alteration, re-organization, disclosure, transfer, acquisition, making it retrievable, classification, or prevention of its use.\n\nWithout distinction between natural and legal persons performing these actions, everyone is subject to the regulations brought forth by GDPR.<\/p>\n\n\n\n
Article 3, titled Definitions, of the Personal Data Protection Law No. 6698 (here, substituted to reflect GDPR as requested) defines the Data Controller as the natural or legal person who determines the purposes and means of processing personal data, and is responsible for the establishment and management of the data recording system.<\/p>\n\n\n\n
In the same article (Article 3 of the Personal Data Protection Law No. 6698), a Data Processor is defined as a natural or legal person who processes personal data on behalf of the Data Controller, based on the authority granted by the Data Controller.\n\nTo distinguish between these two concepts, you need to identify the person or entity who answers the \"why\" and \"how\" questions of the processing activity.<\/p>\n\n\n\n
In accordance with Personal Data Protection Law No. 6698 (here, substituted to reflect GDPR), the Data Controller's obligations include:\n\nInforming data subjects (data subject: the person whose personal data is processed) about their applications.\n\nTaking necessary measures to ensure data security.\n\nRegistering with the Data Controllers' Registry (VERB\u0130S).\n\nResponding to data subjects' applications.\n\nDeleting, destroying, or anonymizing personal data ex officio or upon the data subject's request when the reasons for processing cease to exist.\n\nComplying with the decisions of the Data Protection Board.<\/p>\n\n\n\n
According to the Turkish Criminal Code No. 5237 (TCK), individuals who unlawfully record personal data will be sentenced to imprisonment from one to three years (this sentence may be increased by half depending on the nature of the data).\n\nThose who unlawfully obtain or disseminate this data will be sentenced to imprisonment from two to four years.\n\nFurthermore, anyone who acts in violation of the obligation to delete, destroy, or anonymize this data will be sentenced to imprisonment from one to two years.<\/p>\n\n\n\n
Additionally, in accordance with the Personal Data Protection Law No. 6698 (here, substituted to reflect GDPR), administrative fines are applied as follows:\n\nFor Data Controllers who fail to fulfill their clarification obligation, fines range from 5,000 to 10,000 Turkish Liras.\n\nFor those who fail to meet their data security obligations, fines range from 15,000 to 1,000,000 Turkish Liras.\n\nFor those who act in violation of the Data Controllers' Registry (VERB\u0130S) registration requirement, fines range from 20,000 to 1,000,000 Turkish Liras.<\/p>\n\n\n\n
Her ne kadar 6698 say\u0131l\u0131 Ki\u015fisel Verilerin Korunmas\u0131 Kanunu’nun haz\u0131rlanmas\u0131 s\u00fcrecinde, AB hukuki d\u00fczenlemeleri model al\u0131nm\u0131\u015fsa da, KVKK ve\u00a0GDPR\u00a0aras\u0131nda birtak\u0131m farkl\u0131l\u0131klar bulunmaktad\u0131r;<\/p>\n\n\n\n
GDPR kapsam\u0131nda, veri kontrol\u00f6r\u00fc olmasa bile veri i\u015fleyen herhangi bir \u015firket ya da birey de (bulut hizmet sa\u011flay\u0131c\u0131lar\u0131 gibi \u00fc\u00e7\u00fcnc\u00fc taraflar da d\u00e2hil olmak \u00fczere) verinin hukuka uygun i\u015flenmesinden sorumlu kabul edilmekte iken, 6698 say\u0131l\u0131 Ki\u015fisel Verilerin Korunmas\u0131 Kanunu madde 18\/2 uyar\u0131nca, veri sorumlusu ve veri i\u015fleyen a\u00e7\u0131s\u0131ndan farkl\u0131 bir sorumluluk d\u00fczeyi belirlenerek, idari para cezas\u0131 yapt\u0131r\u0131m\u0131, yaln\u0131zca veri sorumlular\u0131na uygulamakta ve yine veri sorumlular\u0131 siciline kay\u0131t zorunlulu\u011fu yaln\u0131zca veri sorumlular\u0131n\u0131 kapsamaktad\u0131r.<\/p>\n\n\n\n
Genel olarak, bireylerin kendilerine ait ki\u015fisel verilerini kontrol etme ve m\u00fcmk\u00fcn oldu\u011funda silme hakk\u0131 olarak ifade edilen unutulma hakk\u0131 kavram\u0131 GDPR ile ilk kez hukuki bir d\u00fczenleme \u00e7er\u00e7evesine al\u0131nm\u0131\u015f olsa da; 6698 say\u0131l\u0131 Ki\u015fisel Verilerin Korunmas\u0131 Kanununda buna ili\u015fkin m\u00fcnferit bir d\u00fczenleme yer almamakta, i\u015fbu kavram \u00fclkemizde Y\u00fcksek Mahkeme ve Anayasa Mahkemesi kararlar\u0131 ile \u015fekillenmektedir.<\/p>\n\n\n\n
GDPR ile getirilen veri koruma kurallar\u0131na ili\u015fkin ihlaller kar\u015f\u0131 200 milyon Avro veya hizmet sa\u011flay\u0131c\u0131n\u0131n k\u00fcresel gelirinin y\u00fczde d\u00f6rd\u00fc gibi \u00f6nemli miktarlarda yapt\u0131r\u0131mlar \u00f6ng\u00f6r\u00fclmekte iken, 6698 say\u0131l\u0131 Ki\u015fisel Verilerin Korunmas\u0131 Kanununda ilgili idari para cezalar\u0131n\u0131n (5 bin T\u00fcrk Liras\u0131 – 1 milyon T\u00fcrk Liras\u0131) nispeten daha d\u00fc\u015f\u00fck miktarlarla s\u0131n\u0131rl\u0131 oldu\u011fu g\u00f6r\u00fclmektedir.<\/p>\n\n\n\n
GDPR ile d\u00fczenlenen “veri ta\u015f\u0131nabilirli\u011fi hakk\u0131”, hassas verilerin i\u015flenmesi bak\u0131m\u0131ndan “zorunlu veri koruma g\u00f6revlisi” ile riskli veri i\u015fleme faaliyetleri bak\u0131m\u0131ndan “zorunlu veri koruma etki de\u011ferlendirmesi” gibi kurumlara ili\u015fkin d\u00fczenlemeler, 6698 say\u0131l\u0131 Ki\u015fisel Verilerin Korunmas\u0131 Kanunda bulunmamaktad\u0131r.<\/p>","protected":false},"excerpt":{"rendered":"
KVKK Nedir? KVKK Ne Demek? KVKK, 6698 say\u0131l\u0131 Ki\u015fisel Verilerin Korunmas\u0131 Kanununun ilk harflerinden olu\u015fan k\u0131saltmas\u0131 olup; ki\u015fisel verilerin i\u015flenmesinde, ba\u015fta \u00f6zel hayat\u0131n gizlili\u011fi olmak \u00fczere, ki\u015filerin temel hak ve \u00f6zg\u00fcrl\u00fcklerini korumak ve ki\u015fisel verileri tamamen veya k\u0131smen otomatik olan ya da herhangi bir veri kay\u0131t sisteminin par\u00e7as\u0131 olmak kayd\u0131yla otomatik olmayan yollarla i\u015fleyen ger\u00e7ek […]","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-442","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/adiloglu.com.tr\/en\/wp-json\/wp\/v2\/pages\/442","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/adiloglu.com.tr\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/adiloglu.com.tr\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/adiloglu.com.tr\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/adiloglu.com.tr\/en\/wp-json\/wp\/v2\/comments?post=442"}],"version-history":[{"count":2,"href":"https:\/\/adiloglu.com.tr\/en\/wp-json\/wp\/v2\/pages\/442\/revisions"}],"predecessor-version":[{"id":1823,"href":"https:\/\/adiloglu.com.tr\/en\/wp-json\/wp\/v2\/pages\/442\/revisions\/1823"}],"wp:attachment":[{"href":"https:\/\/adiloglu.com.tr\/en\/wp-json\/wp\/v2\/media?parent=442"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}