'Most Innovative Startup 2020' by RSA - Watch the pitch videoView More
Turkey was one of the first countries to start the trend of legislating data protection. Turkey published “Law on the Protection of Personal Data No. 6698 (LPPD) covering personal data protection on April 07, 2016.” The LPPD is based on the European Union Data Protection Directive 95/46/EC and has several similarities with the GDPR. It aims to give data subjects’ control over their personal data and outlines obligations that organizations and individuals dealing with personal data must comply with. The LPPD has also provided comprehensive guidelines for the transfer of personal data to the third parties.
SECURITI.ai enables organizations to comply with LPPD regulation through AI-driven PI data discovery, DSR automation, documented accountability, enhanced visibility into data processing activities, and AI-driven process automation.
SECURITI.ai supports enterprises in their journey toward compliance with the LPPD through automation, enhanced data visibility, and identity linking.
See how our comprehensive PrivacyOps platform helps you comply with various articles of the LPPD.
Create customized web forms according to your brand image with the DSR request format and accept verified data subject rights requests. Automate the initiation of fulfillment workflows when verified requests are received.
Article: 10, 11
The automation of the delivery and generation of secure data access reports will greatly reduce the risk of compliance violations and reduce the workforce required to comply with all the access requests.
Articles: 11, 13
The information is disclosed through a secured and centralized point to data subjects within the limited timeframe.
Fulfill data rectification requests using automated data subject verification workflows across all appearances of a data subject’s personal data.
Articles: 7, 11(1)(e)
Fulfill data subjects’ erasure requests, swiftly, through automated and flexible workflows.
Articles: 4, 5, 10, 13
Keep track of risks against non-compliance to data subjects’ rights by continuously monitoring and scanning data.
Discover personal information stored across all your internal and external systems within the organization and link them back to a unique data subject. Also, visualize personal data sprawl and identify compliance risks.
Automatically scan the web properties within your organization and create cookie categories. Build customizable cookie consent banners in accordance with the applicable cookie requirements.
Articles: 5, 6(2), 8(1)(2), 9(1)(2)
Track consent revocation of data subjects to prevent the transfer or processing of data without their consent.
Articles: 4, 10, 12, 16
Measure your organization’s posture against LPPD’s requirements with the help of our multi-regulation, collaborative, readiness, and data protection impact assessment system. It allows you to identify gaps in compliance and address the risks. Seamlessly expand assessment capabilities across your vendor ecosystem to maintain compliance against LPPD requirements.
Track data flows in your organizations by having a centralized catalogue of internal data process flows as well as flows for data transfer to service providers and other third parties.
Articles: 8, 9, 12
Track, manage and monitor privacy and security readiness for all your service providers from a single interface. Collaborate instantly with vendors, automate data requests, and manage all vendor contracts and compliance documents.
Article: 12(5), Data Protection Board Decision 2019/10
Automates compliance actions and breach notifications to concerned stakeholders in relation to security incidents by leveraging a knowledge database on security incident diagnosis and response.
The LPPD requires controllers to
register to the VERBIS, which is
the data registry system in Turkey.
The national data protection authority is the Kiisel Verileri Koruma Kurumu (Personal Data Protection Authority).
The LPPD applies to Turkey's entities and any foreign natural or legal entity collecting or processing Turkish originated data or Turkish data subjects' personal information regardless of their physical location.
All necessary organizational and technical measures should be taken by the controller to fulfill the obligation stated under the LPPD.
Administrative fines are increased each year based on the re-evaluation schedules published in the Official Gazette with Tax Procedural Law Communiques.