We bring together the disciplines of law, cyber security and governance so that the KVKK (Personal Data Protection Law) compliance process succeeds and truly benefits your business. If your goal is not just to harmonize on paper but to add value to your business, we are ready.
End-to-End KVKK Consultancy
The purpose of the compliance process consultancy to the Law No. 6698 is to protect the personal data by preventing the illegal processing of personal data and illegal access to the personal data in the institution and to ensure that the necessary legal, technical and administrative measures are taken.
It includes information about all data assets of all units within the organization in physical or electronic media.
The detail of the content
Preparation of the necessary guide documents for KVKK. Institution business contracts, third party contracts and general and sectoral institution legislation in terms of KVKK. Reviewing the policies, procedures and other documents (data protection, deletion, destruction, anonymization) that will be required to comply with the law as the management system of the institution. Examining the existing written service processes of the institution, determining the personal data in the processes and creating a data inventory list. Scanning for the detection of personal data in the files on the File Server of the institution by indexing them. Making a classification that takes personal data and critical information assets into account. Analyzing data risks in terms of KVKK of the inventories. Determining the data retention limits of the personal data kept in the institution according to the relevant legislation and / or the reasonable framework to be established. Determining institutional needs regarding data life cycle and periodic activities. Documentation of recommendations regarding the unit / person job descriptions that should be in the structure to be designed to ensure compliance with KVKK. Making MED- Privacy Impact Assessment (PIA Report) of the data in the inventory. Reviewing the disclosure, consent and renunciation statements in accordance with the “Communiqué on the Procedures and Principles for Fulfilling the Obligation of Disclosure” published in the Official Gazette No. 30356 dated 03.2018. Proposing necessary revisions by examining data retrieval, recording, storing and deletion operations. Registration of the institution to VERBIS. Providing consultancy on assigning a data controller contact person to communicate with the KVK institution. Creating the necessary organizational structure for KVKS (Personal Data Protection System) and determining job descriptions. Presenting the necessary technology suggestions as documents for the healthy use of KVKK and protection of personal data. In this context, examination of technologies that may be required for data leakage prevention, data masking, encryption, pseudonymization, tokenization and anonymization. Providing solution positioning consultancy if necessary. In accordance with the KVKK decision on “Adequate precautions to be taken by the Data Controllers in the processing of Special Quality Personal Data” published in the Official Gazette dated 01.2018 and numbered 2018/10, making the necessary technology and system recommendations for the encrypted storage and protection of Special Quality Personal Data. Examining access authorizations, proposing necessary regulations, ensuring that critical environments / persons are separated. Examining the use of the cloud and providing necessary recommendations. Giving recommendations for deduplication of documents and systems in order to be integrated with other management standards.
KVKK Awareness Training
With a special approach to the relevant sector, the legal, administrative and technical requirements of the KVKK are explained with examples in parallel with the legislation. End users are made aware of personal data definition, data processing, policies, board penalties, threats and solutions, rights and responsibilities of individuals (private / legal).
KVKK Sutability Training
It is a comprehensive training program in which the steps to be followed in the execution of the KVKK Compliance process are explained end-to-end. Detailed information is provided on the road map to be followed while fulfilling the legal, administrative and technical requirements of the legislation with a sector-specific approach.
KVKK Technical Measures Training
In order to prevent unlawful processing of personal data and unlawful access to personal data, the necessary technical measures in the Data Security Guide are explained, and solutions for how to secure the data from the “cyber security” point of view at all points.
KVKK Training for Management
It is essential that not only IT Managers and Legal unit but also other unit managers gain awareness of the personal data processed within their own units. Within the scope of the training, the importance of the information assets of the institution, the ways to protect them and the sanctions to be applied to the institution in case of illegal processing of the data processed in the business processes will be explained. Sector-specific examples are also included in the scope, such as how the management should approach KVKK.