KVKK- LAW ON THE PROTECTION OF PERSONAL DATA
KVKK- PERSONAL DATA PROTECTION LAW AND ITS IMPLEMENTATION
Today, the use of social media has increased considerably as it is known. Now every person has a smartphone. Because technology and digitalisation have become widespread. For all these reasons, personal data has become critical for all of us. Personal data is very important for our security and protection of legal rights.
The TGNA has introduced regulations on personal data. It has determined by whom the data will be used, for what purpose, how it will be used and how it will be destroyed.
Law No. 6698 on the Protection of Personal Data (KVKK) was enacted by the Turkish Grand National Assembly on 24 March 2016 and the law entered into force after being published in the Official Gazette on 7 April 2016.
WHAT ARE THE PENALTIES AND SANCTIONS OF KVKK?
With the Law No. 6698 on the Protection of Personal Data entering into force, the law imposes administrative fines on institutions and business owners, as well as imprisonment in some cases.
So who does the law cover?
KVKK covers all institutions, businesses and company owners who process personal data, including official institutions.
In which case does it fall within the scope of KVKK?
If the information of real person customers, employees, visitors is recorded and processed, it is within the scope of KVKK.
WHAT IS VERBIS?
All institutions and organisations within the scope of the law are obliged to register to the Data Controllers Registry Information System, which is short name VERBIS, within the dates determined by the Personal Data Protection Law.
WHAT DOES VERBIS REGISTRATION DO?
With VERBIS registration, institutions and businesses are obliged to notify which personal data, for what purpose, on what legal basis and for how long they will process. If this obligation is not fulfilled, the law imposes administrative and imprisonment penalties.
WHAT IS EXPLICIT CONSENT? Explicit consent is consent expressed with free will.
WHAT HAPPENS IN CASE OF EXPLICIT CONSENT? It is deemed to have voluntarily given consent to the processing of the data. However, the consent given here should determine where the data will be used and how it will be used.
SHOULD EXPLICIT CONSENT BE OBTAINED IN WRITING? It does not have to be in writing. It is also possible to obtain it via electronic media and call centres.
WHO HAS THE BURDEN OF PROOF ON THIS ISSUE? The burden of proof on this issue belongs to the data controller.
CAN EXPLICIT CONSENT BE WITHDRAWN? Explicit consent is a right strictly bound to the person. For this reason, it can be revoked.
WHEN DOES THE WITHDRAWAL DECLARATION TAKE EFFECT? The withdrawal declaration takes effect from the moment it reaches the data controller.
WHAT IS KVKK’S OBLIGATION OF DISCLOSURE? An obligation of disclosure has been imposed on the data controller regarding by whom, for what purposes and on what legal grounds personal data should be provided. – For what purpose personal data should be processed – To whom and for what purpose personal data may be provided – Method of collecting personal data
WHO IS THE DATA CONTROLLER? According to Article 11 of the Regulation on the Data Controllers’ Registry, if the data controller is a legal person resident abroad, it must appoint a data controller representative. This data controller representative to be appointed must be a legal entity resident in Turkey or a natural person of Turkish citizenship.
According to the LPPD, it is not possible to store personal data processed by data controllers indefinitely. It should be kept for a period of time suitable for the purpose of data processing determined by the organisation or business and then destroyed. These periods vary according to the sectors in which the enterprises operate and the laws they are subject to.
Personal data is the oil of the digital age. Are lawyers obliged to register with VERBIS? No, they are not. No, they do not. How many articles does KVKK consist of? It is a tiny 33-article law, but its content is important and deep. The role of the lawyer in the personal data protection law compliance process is very important. Lawyers have to take an active role here.
WHAT IS PERSONAL DATA PROTECTION? It is the disciplining of the processing of personal data. It is the protection of fundamental rights and freedoms. It is the right to determine the future of one’s data by oneself.
To give an example; A pharmaceutical warehouse that collects data is analysing the system. In Facebook correspondence and whats up correspondence, there are a lot of colds. It detects the drugs and gives them to warehouses and pharmacies. In this way, it makes a lot of profit. Have we ever thought about why applications such as Facebook and Instagram are free? Because big companies collect data from here.
What is the legal nature of personal data? The US argues that it is an economic right. Europe, on the other hand, is of the opinion that it is a fundamental human right. The Council of Europe and the United Nations have carried out serious studies on the collection of personal data.
You can access our other article examples and petition examples by clicking