Protection of Personal Data

Personal data is one of the most important values ​​of modern life, and today it is frequently processed by the private sector and the public through information systems by automatic means. This situation not only makes access to information easy, but also carries the risk of abuse of information. The right to protection of personal data is a constitutional right that individuals have against unauthorized use of their data by natural or legal persons.

Law No. 6698 on the Protection of Personal Data (“KVKK”) was published in the Official Gazette No. 29677 on April 7, 2016, in order to protect the fundamental rights and freedoms of the concerned persons whose personal data are processed, especially the privacy of private life, and to regulate the obligations and the rules to be followed by the natural and legal persons who process personal data. It has been published and entered into force.

With the KVKK, as per the Regulations and regulations issued pursuant to this law, individuals are equipped with certain rights against real and legal persons defined as data controllers, while certain obligations have been imposed on data controllers. Turkey organizational structure of the company or employees are required to have completed the process of harmonization of every company no matter kvkk'y. If a company which is established in Turkey; If it processes the personal data of anyone living within the borders of the European Union, in this case, it is also obliged to fulfill the requirements of the GDPR (a data security standard that entered into force for the residents of the European Union on May 25, 2018). In this case, your compliance process should include both KVKK and GDPR.

In Uslu Law Office, we serve our legal entity clients operating in different sectors with a holistic approach in order to ensure the continuity of compliance in the areas of law, process, organization, data management and security within the scope of compliance with the law and to protect them from administrative and legal sanctions. we offer.

Some of the services provided by Uslu Law Office in the field of Personal Data Protection are as follows:

• Carrying out processes within the scope of compliance with the personal data protection legislation and GDPR,

• Analyzing the current situation of the business and actions of real and legal persons who are data controllers and determining the obligations they are subject to,

• Determining which personal data are processed in internal departments / units on a category basis and preparing a data inventory,

• Registration to the Data Controllers Registry ("VERBİS"),

• Preparation of the necessary legal documents within the scope of the compliance process with the legislation, (Clarification Texts, Clear Consent Texts, Personal Data Protection Policy, Personal Data Storage and Destruction Policy, Privacy Policy, Cookie Policy)

• Preparation of texts to be used in the application process of the relevant person,

• Preparation of board of directors resolution letters regarding the acceptance of the internal directive of the company and appointment of VERBIS contact person,

• Preparing and / or revising the contracts that clients need to conclude with their clients or business partners in accordance with the legislation,

• Providing in-company awareness trainings for the departments within the Data Controller (law, HR, IT, marketing, public relations, etc.),

Legal consultancy regarding administrative, legal and criminal procedures carried out before the Personal Data Protection Authority,

• Representation and legal consultancy in investigations and lawsuits related to personal data,

• Follow-up of Board decisions and current developments made by the Personal Data Protection Authority

• Filing administrative, legal and criminal applications on behalf of the persons whose personal data is processed and / or the data controller, and following up the legal processes regarding these applications.