According to the published announcement, the processing of personal data within the scope of activities carried out by public institutions and organizations authorized by law in order to prevent the contagiousness of the epidemic in order to eliminate this threat in cases such as epidemics that threaten public security and public order, is also subject to subparagraph (ç) of the first paragraph of Article 28 of the Law. considered to be considered within the scope of
In subparagraph (ç) of the first paragraph of Article 28 of the Law, “Processing of personal data within the scope of preventive, protective and intelligence activities carried out by public institutions and organizations that are authorized by law to ensure national defense, national security, public security, public order or economic security. It has been regulated that the provisions of the Law will not be applied in case of ”.
Within the scope of the announcement published by the Personal Data Protection Authority, in order to prevent the spread of the disease due to the threat of the epidemic disease caused by Covid-19, public security and public order, Covid-19 vaccine information and/or negative PCR test information falling within the scope of the aforementioned article. There is no obstacle in front of the processing of the personal data within the scope of preventive and protective activities carried out by institutions and organizations, therefore, personal data processing activities can be carried out within the scope of subparagraph (ç) of the first paragraph of Article 28 of the Law, however, the protection of public security and public order carried out within the scope of the Covid-19 epidemic. It is considered that personal data processing activities that are outside of or exceed the purpose of this purpose will be within the scope of the Law.
Source: kvkk.gov.tr
To request a quotation for the following: Cyber Security, Digital Transformation, MSSP, Penetration Testing, KVKK, GDPR, ISO 27001 and ISO 27701, please click here.