In The Light Of The GDPR and Personal Data Protection Act
What is GDPR?
The European Union General Data Protection Regulation (GDPR) came into effect on 25 May 2018.
In the GDPR, the user is defined as the "relevant person". You, I and everyone else: we are the owners of our personal data.
Earlier privacy guidelines focused primarily on the business that processed the personal data. They set rules such as how much personal data should be kept and what should be done with it. The main point of the GDPR is that it draws a clear line around the user himself or herself, who holds the rights over his or her personal data.
Getting expert support on the procedures required for GDPR compliance has become an important necessity. Technical tools alone are not enough at this point, and an inspection by authorized persons may be necessary.
General Data Protection Regulation: Who Should Comply With GDPR?
All companies that collect and store the data of citizens and customers within the borders of the European Union are subject to the General Data Protection Regulation (GDPR).
A Brief Introduction to the Law on the Protection of Personal Data
The protection of personal data is closely related to the protection of fundamental rights and freedoms.
The protection of personal data is intended to protect the persons to whom the data relates. In other words, data protection refers to the administrative, technical and legal measures that are embodied in the principles of personal data protection and are aimed at protecting persons from damage arising from the processing of data about them, wholly or partly, by automated or non-automated means.
In this sense, it aims to secure individuals' data by covering every stage of data processing: the collection of personal data, the purpose for which the data is collected, how long it is stored, and how it is used and transferred.
What is Personal Data?
Personal data refers to any information relating to a specific or identifiable natural person. For data to count as personal data, it must relate to a natural person, and that person must be specific or identifiable. Accordingly:
- Relevant natural person: Personal data relates to a natural person, and data on legal entities falls outside the definition of personal data. Therefore, information about a legal entity, such as a company's trade name or address, is not considered personal data (except where it relates to a natural person).
- Making the person specific or identifiable: Personal data may reveal the person's identity directly. It does not have to do so, however: it also includes any information that allows the person to be identified when it is associated with any record.
- Any information: This expression is extremely broad. Not only information that reveals a natural person's identity, such as name, surname, and date and place of birth, but also phone number, motor vehicle license plate, social security number, passport number, résumé, picture, image and sound recordings, fingerprints, e-mail address, hobbies, preferences, contacts, group memberships, family information, health information, and any other data that makes the person directly or indirectly identifiable are considered personal data.
Minimize the Risk…
Routine procedures, security policies and business objectives have to be reorganized. Managers and employees should also be trained in this field. Apart from all this, every action must be properly documented. This certification process must comply with the Law on the Protection of Personal Data and clearly inform users how their data is processed.
In the Light of the GDPR and KVKK
Av. M. Burak KÜÇÜKİSLAMOĞLU