Here you can access most recent articles on legislative updates regarding Personal Data Protection Law, Social Security Law, Taxation Law, Occupational Health and Safety Law, Code of Obligations, Labor Law, Turkish Commercial Code, Law on Protection of the Value of Turkish Currency, Foreign Exchange Legislation, and Immigration Law in Türkiye.
You can access the dates of the most recent international bilateral social security and double taxation treaties made between Türkiye and other countries and relevant documents here.
You can contact us to figure out whether you are subject to Personal Data Protection Law (KVKK) or EU’s General Data Protection Regulation (GDPR).
While various organizations in Türkiye try to be compliant with the KVKK, they usually neglect that they are also subject to GDPR. Therefore, organizational applications such as confidentiality, security, protection of personal data, policies, agreements and similar applications are developed only in accordance with local regulations. However, not complying with the EU regulation carries an essential risk. As CottGroup®, we administer your compliancy with both regulations.
An essential issue with the overall consultancy services is the fulfillment of only one direction of guidance towards the construction of legal infrastructure regarding KVKK and GDPR compliancy, most commonly due to lack of technical knowledge and qualification of the consultancy company. In fact, important criteria for consultancy companies are their command over the terminology and their experience in the fields of legal system, hardware, software and technical subjects. The process will continue more consistently and without any issues, should the consultant company have top level experience regarding personal data management.
To begin with, it is essential for companies to determine which legal regulation they are subject to. The Article 3 of the GDPR legislation provides clarification on this matter; not only institutions in the EU countries are subject to the regulation, but also institutions in other countries are liable. Regardless of its location every institution; which conducts business with the EU countries, sells product or service to EU citizens and/or EU residents, uses one of EU languages and processes personal data of EU citizens; is subject to the GDPR. Besides, KVKK and GDPR compliances are not single time requirements. On the contrary, companies are required to organize their business as usual activities in accordance with these criteria and implement them in a consistent manner. Both KVKK and GDPR enforce serious penalties against data controllers who violate the regulations. Especially, penalties implemented as per the GDPR could reach to €20 million or 4% of the company’s annual global turnover (the higher amount is preferred).
Security related issues which are dictated by KVKK and GDPR deserves serious attention. Every institution, which monitors or processes personal data, is required to assign a Data Protection Officer (DPO). Also, destruction procedures and cookie policies are important as per the regulation of which companies are subject to. After determining which institutions are subject to what regulation, institutions should organize their destruction and cookie policies in accordance with the qualifications of the possessed data. Moreover, institutions should not neglect data transfer and security procedures to be followed when sharing data with employees, clients etc. For instance, if sensitive data is to be shared with employees, necessary trainings regarding data processing and transfer are mandatory to be provided in advance.
Do you have your;
Designing better ways to work through cutting-edge products, premium services and exceptional experiences that enable people to reach their full potential. HR, Talent, Benefits, Payroll and Compliance informed by data and designed for people.
Learn more at www.adp.com
ADP, ADP logo and the slogan "Always Designing for PeopleTM" belong to the registered trademark of ADP, LLC.
Get a quote for your service requirements.