The Law No. 6698 on the Protection of Personal Data entered into force after being published in the Official Gazette on April 7, 2016, and started to be celebrated as April 7 Personal Data Protection Day. The purpose of the law is to regulate the conditions for the processing of personal data, the protection of fundamental rights and freedoms of individuals in the processing of personal data, the obligations of natural and legal persons who process personal data, and the procedures and principles to be followed. In the justification of the law, protecting the privacy of the individual and ensuring data security are also evaluated within this scope. In addition, regulating the obligations of natural and legal persons processing personal data and the procedures and principles to be followed are among the purposes of the law. Right to Protection of Personal Data T.C. It is a fundamental human right in accordance with Article 20 of the Constitution.
Thanks to the rights granted to the persons concerned by Article 11 of the Personal Data Protection Law, personal data owners can effectively exercise their rights and complain when necessary.
In data breach notifications, the purpose of notifying the board and the people affected by the breach is to ensure that measures are taken to prevent or minimize the negative consequences that may arise for these people as a result of the breach.
Information about the applications made by the relevant persons to the Personal Data Protection Authority is given below.
According to the Personal Data Protection Authority 2019 Activity Report;
In 2019, 2,280 applications were made to the Personal Data Protection Authority, including 2,229 complaints and 51 notices.
Distribution of Notifications and Complaints Made to the Institution by Subject
| Subject of Complaint and Notification | Number of Complaints and Notifications |
| Failure to fulfill the requests of the persons concerned by the data controller within the scope of the law | 31 |
| Unlawful sharing of personal data with third parties by the data controller | 618 |
| Unlawful processing of personal data by the data controller | 471 |
| Complaints of citizens living abroad about sharing their personal data with the authorities of the country they live in | 1.160 |
| Total | 2.280 |
Administrative Sanctions;
| Administrative Sanction | 2017 | 2018 | 2019 |
| Administrative Fines for Complaints and Notices | 125.000 TL | 670.000 TL | 1.905.000 TL |
| Administrative Fines for Data Breach Notifications | – | 200.000 TL | 11.200.828 TL |
| TOTAL | 125.000 TL | 870.000 TL | 13.105.828 TL |
The regulations made in the field of data protection have enabled very important steps to be taken in order to guarantee the privacy of citizens. With these steps being taken, the awareness of institutions and organizations in the field of personal data protection is increasing day by day.
REFERENCE;
https://www.kvkk.gov.tr/SharedFolderServer/CMSFiles/334ee925-1a83-453d-9b58-9b4ffab4b30e.pdf
https://kvkk.gov.tr/SharedFolderServer/CMSFiles/c325adf5-5337-4567-95c8-b6b953b745aa.pdf
