What is KVKK consultancy? These are services provided within the framework of the Personal Data Protection Law. Personal data includes information such as people’s health information, genetic information, biometric data. Therefore, it includes not only name, surname and date of birth; but also social, economic, physical and many other information. Therefore, it refers to data that can identify a person.

This law was prepared to prevent the processing of personal data without the owner’s consent. In this context, processing without consent is a crime. If the institution requests the owner’s consent, it must inform the owner about which data will be collected and for what purposes it can be used. This must be clear and understandable.

It also includes who it will be shared with and how long it will be stored. Institutions that collect and store personal data are within the scope of this law. Therefore, some work should be done for the processes. Consulting services are professional services provided for this purpose.

What Should Be Done for KVKK Compliance?
There are many activities that can be done to comply with the KVKK law . These are outlined as follows;

Creating strategies to determine the types of data that are or will be collected from individuals
Ensuring the integrity, accessibility and confidentiality of information assets
To be in compliance with ISMS standards
Creating a data inventory
Finding all structured or unstructured data in the network system retroactively
To reach out to every individual who wants their data to be stored retroactively and inform them about their intentions.
Conducting internal audits, evaluations and reviews at certain intervals.
Ensuring the security of the system and data by performing penetration tests
The actions required to comply with the law may be increased. If the necessary procedures are not followed, there are also a number of penalties. These are as follows;

Those who record personal data illegally are sentenced to imprisonment from 1 to 3 years.
Those who unlawfully give, obtain or disseminate personal data to another person are sentenced to imprisonment from 2 to 4 years.
If those who are obliged to destroy the data in the system after the time periods specified by law have passed, they will be sentenced to imprisonment from 1 to 2 years if they fail to do so.
In addition to these, some situations also constitute a misdemeanor. In this context, there are penalties ranging from 5,000 Turkish Lira to 1,000,000 Turkish Lira. These are valid in different misdemeanor cases.

What Should Be Considered When Processing Data?
Certain principles must be followed when processing data within the scope of the KVKK law . Some of these are outlined as follows;

Must be accurate and up to date.
Act in accordance with the rules of truth and honesty.
It must be processed for legitimate purposes in a clear and specific manner.
Data must be limited, proportionate and relevant to the purposes for which it is processed.
Our company has been carrying out KVKK consultancy processes with expert personnel in the field since the day it was founded. Our staff, which has the necessary certificates and training, completes the consultancy process in a healthy way and ensures that you act in accordance with the law.