12March2019

PERSONAL DATA INSTITUTION UPDATED THE VERBIS & DELETION PROCESSES

The protection of the personal data has become more of an issue day by day with the development of internet technologies and personal data stored digitally. In this manner, the Institution of Personal Data Protection (the “Institution”) is developing the national legislation and publishing additional sources for the practice to sustain both domestic information security needs and integration with the European Union.

In this regard, the Institution has published two more additional sources. The document of “VERBIS FAQ” is prepared by the Institution to guide data controllers who shall perform the obligation of register into the data controller registry info system (namely “VERBIS”) mentioned in the Art. 16 of the 6698 numbered Law. You may reach the FAQ document explains details about VERBIS in Turkish here.

In addition, a sample of the “Personal Data Retention and Destruction Policy” (the “Policy”) is published by the Institution on 10.03.2019 for the data controllers that have to register the VERBIS.

The sample Policy starts with explaining the aim, scope and definitions and states the title/unit/job description of the ones who participate the retention and destruction processes. The personal data record mediums are classified as “electronical” (e.g. software, usb etc.) and “non-electronical” with detailing each personal data classification to be recorded.

Both the legal reasons and processing tools that require to keep personal data along with the reasons to destruct personal data shall be determined in the Policy.

As is known, the data controllers are obliged to take all technical and administrative measures to prevent personal data to be processed, accessed illegally according to the Art. 12 of the Personal Data Protection Law. In this manner, the Policy to be prepared shall have technical and administrative measures to be taken.

Besides the data controllers should state “the destruction technics of the personal data” in their Policy. The disposal, destruction and anonymization of the personal data shall be explained separately for each data recording medium. The retention and destruction periods that are already took place in personal data processing inventory and VERBIS, shall also be mentioned in the Policy. These periods which should be determined for each process, shall be updated if necessary.

Our Company is providing consultancy service on the Personal Data Protection Law and General Data Protection Regulation compliance processes by combining best legal and technological substructure. Click for more information.

You may reach the full text of the sample Personal Data Retention and Destruction Policy published by the Institution, in Turkish, here.

Written by Seda Arıcı, Posted in Personal Data Protection Law

  • Notification !

    Contents provided on this article serve to informative purpose only. The article is confidential and property of CottGroup® and all of its affiliated legal entities. Quoting any of the contents of this notification without credit being given to the source is strictly prohibited. Regardless of having all the precautions and importance is put in the preparation of this article, CottGroup® and member companies cannot be held liable of the application or interpretation of the information provided. It is strictly advised to consult a professional for the application of the above-mentioned subject. Prior to taking any action in regards the above, please consult your client representative if you are a customer of CottGroup® or consult to a relevant party.

About the Author

Seda Arıcı

Legal Consultant | Attorney
This website is using cookies.
In this website, we use cookies to develop your user experience, obtain efficient work and track statistical data. You are agreeing to our use of cookies by browsing our website. Please review Çerezler (Cookies) page for detailed information of how we manage the cookies. This choice is valid for 30 days until you delete the cookies in your web browser.
x