Personal Data Protection

KVKK Compliance Support

Technical and administrative measures as a data processor under the Personal Data Protection Law No. 6698.

KVKK

6698 Sayılı Kanun

Law Articles33
Core Principles6
Data Subject Rights8

Data Controller and Data Processor

Roles and responsibilities are clearly defined under KVKK.

Data Controller (Customer)

The natural or legal person who determines the purposes and means of processing personal data and is responsible for establishing and managing the data registry system.

Data Processor (VeriTeknik)

The natural or legal person who processes personal data on behalf of the data controller based on the authority given. Responsible for technical infrastructure and security measures.

KVKK Core Principles

Fundamental principles to be followed in personal data processing activities.

Lawfulness

Personal data can only be processed in accordance with the procedures and principles prescribed by law.

Purpose Limitation

Data is collected for specific, explicit and legitimate purposes; cannot be processed in ways incompatible with these purposes.

Data Minimization

Collected data must be relevant, adequate and necessary for the processing purpose.

Accuracy

Personal data must be accurate and up-to-date; corrected when necessary.

Storage Limitation

Data is stored for as long as the processing purpose requires; deleted or anonymized when the period expires.

Security

Appropriate measures are taken to protect personal data against unauthorized access, loss or damage.

Security Measures

Technical and administrative measures taken under KVKK.

Technical Measures

  • Data encryption (at-rest and in-transit)
  • Access control and authorization
  • Firewall and IDS/IPS
  • Log management and monitoring
  • Backup and disaster recovery
  • Vulnerability scanning and penetration testing

Administrative Measures

  • Data processing policies
  • Employee confidentiality agreements
  • Data processor contracts
  • Regular training programs
  • Internal audit procedures
  • Incident response plans

Physical Measures

  • Data center security
  • Biometric access control
  • 24/7 security monitoring
  • Fire and water protection
  • Backup power systems
  • Environmental controls
Data Transfer

International Data Transfer

Transfer of personal data abroad is subject to special conditions under KVKK.

  • Obtaining explicit consent or legal exception
  • Transfer to countries with adequate protection
  • Providing assurance through undertaking
  • Obtaining Board permission (when required)

Transfer Conditions

1
Explicit consent of the data subject
2
Explicitly prescribed by law
3
Necessity for contract performance
4
Legitimate interest of data controller

Ensure Your KVKK Compliance

Get expert support on technical and administrative measures.