On the 102nd anniversary of our National Sovereignty and Children's Day how the personal and private personal data of our children, who are the future of our country and our world, are protected according to the European Union Regulation .
first national legal regulations for the protection of personal data;
- Germany in 1970
- Sweden in 1973
- It is expressed as the legal texts made in the USA in 1974.
In parallel with these national regulations made in the 1970s, since the 1980s, the guidelines of the Organization for Economic Co-operation and Development (OECD) and the Council of Europe's convention on the protection of personal data against automatic processing have been introduced in international legal documents. the right to protection is recognized.
The EU Data Protection Directive 95/46/AT, which came into force in the EU in 1995, provided a globally accepted framework in the field of personal data protection. But; As a result of technological developments such as social networks, cloud computing, big data analysis, location-based services and smart cards; A comprehensive reform has been made in the EU data protection rules implemented by the European Commission in the member states, in order to modernize the principles adopted in the Data Protection Directive and to guarantee the right to privacy of citizens in the future. In this context, the "General Data Protection Regulation (GDPR)", which includes a radical reform in EU data protection rules, was approved by the European Parliament on April 14, 2016.
With our participant who has a Data Protection Officer (DPO) certificate from Maastricht University;
- Scope of the Data Protection regulation,
- Basic definitions and concepts in data protection regulation,
- The main characters in the data protection regulation,
- Roles and responsibilities
- Principles and obligations
QUESTION-ANSWER
Does the Data Protection Officer have the authority to sanction the data controller?
The people we call DPO are not people chosen by the authority or sent by the authority. It is appointed by the DPO HR unit, taking into account the sectoral experience. After the DPO takes office, it is responsible for internally harmonizing the tasks to be done in the compliance project within the methodology. The DPO cannot have a sanction. The DPO is a person responsible for enforcing and enforcing rules. DPO makes suggestions to the Institution, examines the processes together with its team and makes the necessary analyzes. After the transactions are made, it prepares the data protection handbook.
Is there a declaration obligation to the Data Protection authority in the GDPR?
If you have more than 250 employees, your data processing activities should be recorded by the authority. The information you process must be in the database of the authority.
Are the lighting criteria for children defined in the GDPR?
The most important issue is the age of children, parental consent is required for 16 years and under. If you are over the age of 16, you can give your own permission. If there are natural persons at the age of children among the customers of the data controller companies, they can put a statement on this issue in their data protection policies.
How is verification done for Parental control in GDPR?
It is necessary to create a design under the name of technical and organizational measures within the GDPR. In this design, it is necessary to make a special design for parent verification in the section about children. It is necessary to decide with the IT team, what method and the mechanism for obtaining consent from the parent/guardian for those under the age of 16. There are different manufacturers and solutions for this approval mechanism. Depending on the number of customers of the data controller, verification can be done via e-mail or SMS. GDPR means to manage your processes in accordance with basic principles using reasonable technological tools. In this context, a method should be determined.
Which companies in Turkey have GDPR obligations?
If domestic companies in Turkey do business with companies within the scope of GDPR, they are within the scope of GDPR. All of our companies that market products and services to European Union countries have obligations in this context.
The scope of application of the GDPR is regulated by Article 3 of the Regulation, and the provisions of the GDPR are applied in terms of personal data processing carried out within the scope of their activities by data controllers and processors operating within the borders of the EU, regardless of whether the processing takes place in unity or not.
Erdem Eriş
CyberArts
Founder & CEO
Hakan Hasşerbetçi
GDPR and DPO Trainer
Gülhan Coşkun
CyberArts
Senior Advisor
