Then, it will be subjected to the GDPR.
personal information indirectly, directly, partially or in a whole;
then it will be subjected to the PDPL.
It is safe to say that GDPR is the enhanced version of Turkish Data Protection Law (KVKK) and the KVKK is the first version of GDPR, released on 1995 under the name (Directive 95/46/EC). Since both regulations are the same in core concepts, it is more efficient for your operations to analyze the liabilities at first, then proceed with the compliancy measures. It will allow you to save both time and resources.
Within this scope, simply below the main concepts are summarized.
KVKK (Personal Data Protection Law)
GDPR (General Data Protection Regulation)
Key concepts on the KVKK are;
Key concepts on GDPR are;
Both KVKK and GDPR aim the minimization of data and to have transparent data processing procedure along with security and confidentiality methods. Besides, sanctions of any discrepancies with the legal obligations are strictly serious.
Although both laws have the same core idea, they differ on the penalties. It is crucial to cover obligations in the law that you have responsibility of, linked with compliancy periods, not to face with any enforcement and administrative legal procedures.
The given amounts are applied at the beginning of each calendar year by increasing the rate of revaluation determined and announced in accordance with the duplicated provisions of the Article 298 of the Tax Procedure Law No. 213 dated 4.1.1961 for that year.
In addition to these administrative fines mentioned in the Personal Data Protection Law, there are also jail sentences mentioned in the Turkish Criminal Code between 1 to 4 years.
according to the 2017 data, 41 data breach application are made to the PDPL Institution and 125.000-TL administrative fine is imposed as a result of these sanctions. In 2018, the amount of these data breach applications have increased to 395 and 233 of them are investigated by the Institution and replied. Moreover, the administrative fines to be imposed on 2018, are came up with 1.365.000-TL in total. Thus, the issue of personal data protection has been gaining more importance and the clock is ticking against the companies who have not completed the compliancy process yet.
In case of a probable data breach and/or incompliancy with the regulation, the sanctions to be imposed are very high when compared to KVKK.
The administrative penalty fine is determined as 4% of global revenue of the company that belong to the previous year or €20.000.000 Among these amounts, the highest one shall be imposed as a penalty fine.
Besides, the below mentioned ones shall also be imposed as a penalty: