CONSULTING SERVICE

KVKK & GDPR Compliance and Consultancy Services

CottGroup^® is a leading holistic business service provider, that offers tailor made solutions to entities which have presences in Turkey in all field of operations by offering global solutions with the local knowledge and expertise it has. Just as in any other business operations you require assistance with, we are here to provide solutions and become your solution partner for local and global compliancy processes on Turkish Data Protection Law (TDPL / KVKK) and GDPR with our experienced consultant staff; offering the most accurate human – technology integration.

As of April 7, 2016, with the Turkish Data Protection Law being put in practice the entities in Turkey should have met the compliance requirements and be fully compliant with the Law in their operations. Thus, along with the local regulation, the entities in Turkey which are liable to GDPR, shall have met their obligations by May 25, 2018.

Considering the amount of workforce and dedication needs to be put in practice on the compliancy measures, we are here to become your solution partner by allowing you to save time and utilize your workforce in the most efficient way possible, considering the legal requirements were to be met yesterday as per to Laws' effective dates.

Our services can be provided for specific departments or units within your entity or if wished all departments can be unified and the service can be offered as a whole package to your presence in Turkey. Thus, if you are an organization that is also responsible from GDPR compliancy measures, we can offer tailor made solutions; similar to our other outsourcing services.

Our main service solutions are:

• KVKK (PDPL) compliance consultancy service package
• GDPR compliance consultancy service package
• Customized compliance consultancy for your entity outside Turkey
• KVKK (PDPL) and GDPR compliance consultancy service package

Our service is rendered with cooperation of the CottGroup^® Project Team and your entity’s Project Group. The service to be provided includes full legal and technical consultancy along with the measures needs to be taken within the scope of full compliancy along with identifying and outlining policies and procedures on data deletion (anonymization, masking, pseudonymization, etc.), creating; company cookie and privacy policies, data deletion manuals and processes, data transfer and information protocols, consent documents, data inventory preparation, local data records information system (VERBIS) registration.

Once the service is completed, we provide your company a risk audit report and legal compliancy report. With the reports to be provided we guarantee you that your entity has successfully completed the necessary legal measures in regards the data protection regulations and is fully compliant with the either or both GDPR and KVKK regulations.

SERVICE SCOPE

Our consultancy service includes;

• Analyzing the current standing of your entity,
• Preparation and review of company policies and procedures,
• Outlining the company’s data access and authorization matrix along with data transfer schemes,
• Preparation of employee trainings and providing the trainings to the employees,
• Preparation of the data inventory list and conducting the VERBIS (Data Controllers' Registry Information System) registrations,
• Drafting the relevant contracts on data processing and transfer processes,
• Drafting the data deletion, anonymization and relevant process manuals and procedures,
• Completing and signing off the customized Risk Report for your entity on the compliance processes,
• Preparing and presenting the Evaluation Report, customized for your entity.

OUR DIFFERENCES

GDPR and KVKK regulations, regardless of making it mandatory for compliance, are not clear on how the compliance is to be practiced and therefore leave a gap for the implementation in technical and administrative processes.

CottGroup^® stands out from the other consulting agencies and law firms, at the standpoints on knowledge, expertise and technical infrastructure. As most consultants in the sector focus on the legal aspect of the implementation and compliancy, CottGroup^® acts as your solution partner with the know-how on both legal and technological means all through the process. On our daily operations, due to the nature of being a BPO (Business Process Outsourcing) vendor, we receive, process and manage great volume of sensitive and personal data. Especially, contrary to the other vendors in the market we chose to manage and maintain our data center internally and we are not willing to outsource it which led us to maximize the data security by precluding any third-party to access data.

Furthermore;

• We have and maintain ISO 27001 Data Security and ISO 22301 Business Continuity Certifications, authorize our capability and mastery on processes,
• Our group companies are regularly audited, especially on GDPR and KVKK processes, by our global partners and relevant authorities,
• Our IT and data center maintained inhouse and any third-party access is prohibited,
• We have TSE Service Quality certification,
• Our R&S center and own software team grants full support on digitalized custom-made solutions.

Our services are to be rendered in the smoothest operational processes with our expertise and differences mentioned above, especially on whilst forwarding your queries on informatics and relevant processes to our experts. With CottGroup^®'s experienced support solutions of our consultant staff, we allow efficiency in the shortest amount of time. Our aim is to enhance and elaborate the principle of transparency and security in the field by sharing our technical knowledge with our clients.