The Personal Data Protection Law (KVKK) was published in the Official Gazette of Turkey on April 7, 2016, with the number 29677. The law came into effect on April 7, 2018, and its provisions have been enforced since that date. This two-year period allowed both the public and private sectors to adapt to the law's requirements. The law was designed to be in compliance with the European Union General Data Protection Regulation (GDPR). As a result, Turkey's data protection standards were aligned with EU standards through this law.
Protecting and safeguarding personal information is crucial.
Because such information is often considered confidential and private. Unauthorized access or malicious use of this information can lead to serious breaches of privacy. Therefore, laws and regulations in many countries govern how personal information is collected, stored, and used.
The objectives of the KVKK are centered around data protection.
To state its broader goals, the fundamental objectives of the KVKK are as follows:
Personal Data Protection, Processing of Personal Data, Storage of Personal Data, Data Subject Rights, Responsibilities of Data Controllers, and Breach Notification. These objectives concern every individual living in our country. Those who do not comply with the KVKK may face significant fines and legal responsibilities. Therefore, it is important to adhere to the provisions of the KVKK regarding the processing and protection of personal data.
Explicit consent refers to an individual's permission to process their data for a specific purpose.
Explicit consent is a term frequently used in laws that regulate data privacy and the protection of personal data, such as the Personal Data Protection Law (KVKK). The elements of explicit consent include a specific purpose, free will, information, permission for processing, and the right to withdraw consent. These rights are vested in the individual and are activated with their consent.
An explicit consent statement is a written document in which permission is given for the processing of data.
This statement should be prepared in accordance with the Personal Data Protection Law (KVKK) or other data privacy regulations. The explicit consent statement is signed by the data subject or electronically approved by them.
Under the KVKK (Turkish Data Protection Law), penalties are categorized into administrative and criminal sanctions
Administrative fines are explained in Article 18 of the Personal Data Protection Law (KVKK) as follows: (Violation of the obligation to inform: 5,000 TL - 100,000 TL, Violation of the data processing obligations: 15,000 TL - 1,000,000 TL, Violation of the registry obligations: 25,000 TL - 1,000,000 TL, Non-compliance with the decisions of the Data Protection Authority: 20,000 TL - 1,000,000 TL)
According to Article 17 of the KVKK, the penalties are linked to the Turkish Penal Code, and specific provisions are outlined as follows: (Personal data breach: 1-3 years, Unlawful recording of personal data: 2-4 years, Failure to erase personal data after the expiration or upon the request of the data subject: 1-2 years).
In this era of increasing digitalization, the protection and security of personal data have become areas of regulation, especially in the realm of fundamental rights and freedoms, including private life. It is essential to comply with this law to protect personal data in the digital age.