Providing security of your information assets is part of Turkish Personal Data Protection Law (KVKK) and by creating an information security system for your business, having an ISO 27001 certification is the best way to document the measures taken by your organization in this context.

Although GDPR is a text that pursues and adopts the main principles stipulated by Directive 95/46, it has been introduced some regulations to be more compatible with today's requirements intended for the new needs arising from the latest technologies.¹ However, the concepts of "consent" and "explicit consent" which are the elements that provide legal legitimacy for the processing of personal data in Directive 95/46, and the terminology that created within the framework of these concepts, continued to be used in the EU General Data Protection Regulation. It is required that consent must "unambiguously" given in Directive 95/46. In case of the processing of personal data, it is stipulated that the condition of explicit consent is required. The conditions for the validity of the consent are also regulated in Article 4 of the EU General Data Protection Regulation. The elements specified in this Article provide the validity of both types of consent.