IDC Names Securiti a Worldwide Leader in Data Privacy
ViewListen to the content
The world is taking data privacy seriously, and every day more and more countries are enacting data protection legislations to ensure the protection of personal data. Turkey was one of the first countries to start the trend of legislating data protection. Turkey drafted legislation covering personal data protection on April 07, 2016, called “Law on the Protection of Personal Data No. 6698 (LPPD).” This law is based on the European Union Data Protection Directive 95/46/EC and aims to give data subjects’ control over their personal data.
The following definitions mentioned under Article 3 of the LPPD are crucial to understanding the law:
Personal Data Protection Board
A natural person, whose personal data is processed
President of the Personal Data Protection Authority
Personal Data Protection Authority
Information relating to an identifiable or identified natural person
Informed, specific, and freely given consent
A natural or legal person who is authorized by the data controller to process personal data on his behalf
Making personal data impossible to be linked with an identifiable natural person, even through matching them with other data
A natural or legal person who is responsible for establishing and managing the data registry system, and determines the purpose and means of processing personal data
The registry system where the personal data is structurally registered into structurally according to a predefined criteria
Any operation performed on personal data, which includes the collection, storage, recording, retention, alteration, disclosure, re-organization, transferring, making retrievable, taking over, classification or preventing the use thereof, partially or fully through automated means or provided that the process is a part of any data registry system, through non-automatic means
Article 4 of LPPD states that “Personal data may only be processed in compliance with the procedures and principles set forth in this Law and other laws.” Other laws that also parallelly regulate personal data processing in Turkey are the European Union Data Protection Directive 95/46/EC and the Automatic Processing of Personal Data No. 108. Key principles required for the processing of personal data are:
LAWFULNESS AND CONFORMITY WITH RULES OF BONA FIDES
ACCURATE AND WHERE NECESSARY KEPT UP-TO-DATE
PROCESSED FOR SPECIFIED, EXPLICIT, AND LEGITIMATE PURPOSES
RELEVANT, LIMITED, AND PROPORTIONATE TO THE PURPOSES FOR WHICH THEY ARE PROCESSED
RETAINED FOR THE PERIOD OF TIME DETERMINED BY THE RELEVANT LEGISLATION OR THE PERIOD DEEMED NECESSARY FOR THE PURPOSE OF THE PROCESSING
Although under Article 5(1) of LPPD, the data subject's explicit consent is mandatory for processing personal data, personal data processing may also be allowed when one of the following conditions are established:
Under Article 11 of LPPD, the law grants rights to data subjects that they can exercise under this law. These rights are as follows:
Under Article 16 of LPPD, natural persons or legal persons who process personal data must enroll in the Data Registry of Controllers before taking any steps to process personal data. Application for enrolling must be made with a notification containing the following essentials:
Article 17 of LPPD states that Article 135-140 of Turkish Penal Code No. 5237 of 26/9/2004 shall apply in terms of crimes concerning the personal data and that can be subject to imprisonment.
Pursuant to Article 18 of the LPPD, the Personal Data Protection Board can impose administrative fines up to TRY 1.000.000 for each incidence of non-compliance. Following non-compliance with the data protection laws can result in:
The multi-disciplinary practice to grow trust-equity of your brand and comply with privacy regulations.
Get the Book“By leveraging the PrivacyOps constructs from this book across our organization we were able to not only save time and money but also mitigate the risks associated with manual methods of privacy management.”
- Marty Collins, Chief Privacy and Legal Officer, QuinStreet, Inc
Organizations that process and transfer personal data can make compliance with the LPPD a complex task. Compliance can be a very human-intensive process and a costly affair for businesses operating in the Turkish Markets or abroad while still risking the threat of facing liabilities for non-compliance.
securiti.ai’s award-winning compliance solution revolves around the concept of PrivacyOps, which uses artificial intelligence, robotic automation, and machine learning to provide enterprises with a system that automates the majority of compliance tasks, freeing up crucial resources for other areas of business.
securiti.ai helps businesses discover data over a web of internal and external systems, stitch together a data graph to link personal data with each individual, conduct automated internal assessment of policies as well as third-party vendors, manage consent and do a lot more!
securiti.ai and its innovative automated mechanisms help businesses comply with the complex requirements of the LPPD with the simple click of a button. To learn how securiti.ai can help your business efficiently implement privacy management, request a demo today.
The LPPD went into effect on April 7, 2016.
The right to data processing and the right to data portability are not applicable under the LPPD.
The LPPD is also known as Kişisel Verileri Koruma Kanunu (KVKK).
The LPPD requires controllers to register to the VERBIS, which is the data registry system in Turkey.
Administrative fines are increased each year based on the re-evaluation schedules published in the Official Gazette with Tax Procedural Law Communiques.
The LPPD, or Law on Protection of Personal Data (Kişisel Verilerin Korunması Kanunu - KVKK), is Turkey's data protection law. It governs the processing and protection of personal data within Turkey.
The "Protection of Personal Data Numbered 6698" refers to the Turkish Personal Data Protection Law (KVKK), which is Turkey's comprehensive data protection legislation.
The Turkish Constitution protects the right to privacy in Turkey and is further regulated by the Turkish Personal Data Protection Law (KVKK), which outlines the rights and principles related to individuals' personal data.
While Turkey is not an EU member state, it has aligned its data protection laws with GDPR principles. The Turkish Personal Data Protection Law (KVKK) shares similarities with GDPR.
KVKK (Turkish Personal Data Protection Law) and GDPR (General Data Protection Regulation) have similarities in terms of protecting individuals' data privacy, but they have differences in terms of specifics and jurisdiction. KVKK applies to Turkey, while GDPR applies to the EU.
Anas Baig is a Product Marketing Manager with a proven track record in the cybersecurity industry. He has been a prominent contributor to numerous esteemed publications, including Infosecurity Magazine, CSO Online, Tripwire, Security Affairs, Network Computing, Security Boulevard, and several other renowned cybersecurity blogs.His in-depth knowledge and extensive experience in the industry make him a trusted source for cutting-edge insights and information in the ever-evolving world of cybersecurity.
Get all the latest information, law updates and more delivered to your inbox
September 15, 2023
The wealth of data available to organizations globally has brought tremendous improvements in their ability to target and cater to their customers' needs. Organizations...
September 13, 2023
Kuwait didn’t have any data protection law until the Communication and Information Technology Regulatory Authority (CITRA) introduced the Data Privacy Protection Regulation (DPPR). The...
September 12, 2023
Following the end of the Brexit Implementation Period on 31 December 2020, the United Kingdom is no longer subject to the European Union General...
At Securiti, our mission is to enable enterprises to safely harness the incredible power of data and the cloud by controlling the complex security, privacy and compliance risks.
Copyright © 2023 Securiti · Sitemap · XML Sitemap
info@securiti.ai
Securiti, Inc.
300 Santana Row
Suite 450
San Jose, CA 95128