Personal Data is any data relating to an identified or identifiable natural person. The Personal Data Protection Law (KVKK) defines "personal data" as follows. KVKK, which entered into force in 2016 and is a law that can be said to be young, makes many regulations in this regard. Issues such as personal data and processing of personal data are stipulated in this law. The purpose of the KVKK is stated in the first article as "The purpose of this Law is to protect fundamental rights and freedoms of persons, particularly the right to privacy, with respect to processing of personal data and to set forth obligations, principles and procedures which shall be binding upon natural or legal persons who process personal data." With the regulations made in line with this purpose, KVKK has also examined the processing of personal data by grouping them. While the conditions for the processing of personal data are analysed in Article 5, the " Conditions for processing of Special categories of personal data" are included in Article 6. Biometric data is also mentioned in this article. For this reason, it should be said that biometric data are special categories of personal data.

Data Controller and Data Processor Concepts

The Personal Data Protection Law is a young law that entered into force in 2016. For this reason, it can be easily said that it has taken shape in accordance with the needs of our age. The purpose of The Personal Data Protection Law is to protect the fundamental rights and freedoms of individuals, especially the privacy of private life, in the processing of personal data, and to regulate the obligations and procedures and principles to be followed by real and legal persons who process personal data. In line with this purpose, the law has made many regulations and tried to clarify the relevant concepts. The concepts of data processor and data controller are among the concepts regulated in the KVKK.

In today's business world, the need for personal data protection has been ensured by the Personal Data Protection Law (PDPL), making it a priority for every organization. Human resources departments are responsible for collecting, managing, and storing extensive personal data, including sensitive data about employees and candidates. This data includes social security numbers, addresses, phone numbers, email addresses, medical records, and other personal data. Therefore, the significance of personal data protection in human resources cannot be overstated. We've outlined the critical factors that HR professionals should pay attention to when it comes to protecting personal data during the recruitment and active employment processes.