What are the Technical Measures to be Taken for KVKK?

Recently, many companies have been working intensively on the Personal Data Protection Law (KVKK) and trying to give their businesses a more institutional structure. KVKK, which has drawn so much attention from companies, is the Law on Protection of Personal Data No. 6698. This law entered into force on 7 April 2016.

What is the Personal Data Protection Law (KVKK)?

The Law on Protection of Personal Data (KVKK) is a law that came into force to protect the right to privacy, which is one of the most fundamental rights of individuals, and to ensure that personal data is not shared without the consent of the person it belongs to. By binding companies to certain rules, this law imposed obligations especially on companies that process personal data and drew the framework of the rules they must comply with.

The Law on the Protection of Personal Data basically aims to protect the fundamental rights and freedoms of individuals, and to regulate the obligations of all, whether they are legal or natural persons, and the procedures and principles to be followed. At this point, as we have long been used to hearing in online systems or phone calls, it has become mandatory to inform people in advance that their data is being recorded within the scope of the Law on the Protection of Personal Data (KVKK), that is, to obtain their explicit consent. Under this law, personal data cannot be processed or transferred to others without the consent of the person. Otherwise, a criminal offense will be committed.

Scope of Personal Data Protection Law (KVKK)

The Personal Data Protection Law (KVKK) is a system based on 3 addressees. These addressees are: the natural person, the data controller, and the natural or legal persons who process this data.

The addressee called the natural person is the natural person whose personal data is processed. The addressee called the data controller is the person who establishes and manages the data recording system and, while doing this, prevents the unlawful processing of and access to personal data. This addressee also sets out the purposes for which personal data is to be processed and the persons responsible for its management. These persons may be legal or natural persons such as institutions, organizations and associations. The addressee called the data processor is the person who processes personal data in the systems within the framework of the instructions given to them and carries out this work on behalf of the data controller. These persons may also be natural or legal persons.

What are the Technical Measures to be Taken for the Personal Data Protection Law (KVKK)?

While businesses are doing a lot of work on KVKK, there are both legal and administrative measures that need to be taken. Besides these, there are also technical measures that should be taken by system administrators. These technical measures are among the most important topics in ensuring the security of personal data.

The technical measures to be taken within the scope of the Personal Data Protection Law (KVKK) are as follows:

1) An authorization matrix should be created that shows who can access which data and under what conditions.
2) In an institution, access to systems containing personal data must be limited so that not just anyone can access them. To achieve this, an authorization control system should be established. In other words, employees in a business should be able to access only the data required by their work and duties. To access this data, a firewall must be set up and a system must be established that uses a user name and password so that the authorized person can be recognized.
3) Access logs should be created. That is, when a system containing the data is logged into, records should be kept of the date and time and the IP address from which the login was made, as required by the firewall.
4) User account management should be provided with SIEM (Security Information and Event Management).
5) Network security and then application security of this system should be established.
6) The reliability of the system should be checked with a penetration test by encrypting with a suitable infrastructure.
7) If there is a cyber attack, precautionary plans should be created about what can be done. In order to prevent a cyber attack, system vulnerabilities, if any, should be closed quickly and how to detect an attack should be determined.
8) Your data must be protected. To achieve this, how data masking can be done should be studied first, and then systems should be developed to prevent data loss. It is essential for the continuity of the system that the data obtained is protected and not lost. Backup systems should be developed to prevent data loss.
9) Firewalls should be tested, it should be ensured that a good firewall is installed, and these systems should be supported with up-to-date anti-virus programs.
10) The person whose personal data is stored, Even if they are d, destroyed or anonymized, that is, matched with the needed need, their identities can be eroded. If this is necessary for data transfer, to transmit it through a system to make it necessary to be received.
11) The information system system can be provided by the management of encryption keys. Data controller count key management. Users should use these keys for a system. These keys are completely overlooked, overlooked at the safe, at the safe, and this is one of the personally designed technical applications.
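Items 1 to 3 of the list above (authorization matrix, limited access, access logs with date, time and IP address) can be combined in one default-deny check, shown here as an added example that is not part of the original page. The roles, data categories, network ranges and the `check_access` function are constructed for illustration.

```python
import ipaddress
from datetime import datetime, timezone

# Constructed authorization matrix (assumption, not from the page):
# role -> data category -> (permitted actions, permitted source network).
AUTH_MATRIX = {
    "hr_specialist": {
        "employee_records": ({"read", "update"}, "10.0.0.0/8"),
    },
    "support_agent": {
        "customer_contact": ({"read"}, "10.20.0.0/16"),
    },
}

# In-memory stand-in for an append-only access log that would feed the SIEM.
ACCESS_LOG = []


def check_access(user, role, category, action, source_ip, now=None):
    """Allow only what the matrix explicitly grants and log every decision."""
    now = now or datetime.now(timezone.utc)
    entry = AUTH_MATRIX.get(role, {}).get(category)
    allowed, reason = False, "no matrix entry (default deny)"
    if entry is not None:
        actions, network = entry
        try:
            in_network = ipaddress.ip_address(source_ip) in ipaddress.ip_network(network)
        except ValueError:
            in_network = False  # a malformed address never satisfies the condition
        if action not in actions:
            reason = "action not permitted for role"
        elif not in_network:
            reason = "source IP outside permitted network"
        else:
            allowed, reason = True, "permitted by matrix"
    # Denied attempts are recorded too: they are what an analyst looks for.
    ACCESS_LOG.append({
        "timestamp": now.isoformat(),
        "user": user, "role": role, "category": category,
        "action": action, "source_ip": source_ip,
        "allowed": allowed, "reason": reason,
    })
    return allowed
```

Logging the denial reason alongside the timestamp and source IP lets repeated out-of-role or out-of-network attempts be detected from the log alone.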

How is the Personal Data Protection Law (KVKK) System Established?

In order to ensure the protection of personal data, it is necessary to work with experts from institutions and organizations and with professionals who can implement this system in the most effective way. In this way, the best use is made of the system built around the Personal Data Protection Law (KVKK).

A general evaluation of the consultancy provided for the protection of personal data and their relevance to all of these stages.

1) Legal Consultancy
2) Process Consulting
3) Consulting on Technical Measures

They provide personal use of businesses that can successfully complete these stages and benefit from many advantages in use. This price will not be paid;

• Awareness is created.
• Scenarios to show in business improvement.
• Data can be accessed more quickly, easily and at an affordable price.
• The data is retrieved.
• Business continuity.