ASEXECUTIVE Consulting
"Success is not final,
Failure is not fatal:
The important thing is the courage to continue.”
Winston Churchill.
About
Comprehensive Innovation - Process - Strategy - People
From strategy to execution.. With its ability to appeal to a broad audience of executives and leaders, ASEXECUTIVE is now a recognized Small Business. ASEXECUTIVE, with its founding in 2022, Target acquisition first step Our aim is to grow your company, develop it with a comprehensive transformation, make it competitive, and provide you with end-to-end service in determining your strategy and implementing them. In addition, our business partners and stakeholders have had the privilege of providing managerial coaching, career coaching, and expertise in business management.
Our Services
Don't Take Risk, Process and Store Your Data Safely
European Union General Data Protection Regulation
«General Data Protection Regulation»
GDPR
GDPR is the most important change in data security in the last 20 years.
The implementation date of the law, which was approved on 14 June 2016, is 25 May 2018.
In terms of compliance with GDPR, it imposes extremely heavy penalties on organizations that do not comply with the law..
KVKK - GDPR Comparison
There are many differences, big or small, between KVKK and GDPR. One of the most important differences relates to liability for violations. It also imposes a responsibility on the data controller, the data controller and the data processor, namely the legal entity, which is also classified as a data processor, to the legal entity whose counterpart is the data controller within the scope of the KVKK, which is called the data controller in GDPR.
As a result of any violation, the person who suffers material or moral damage is held responsible for this damage, and the data controller has the right to receive compensation in data works. Data controllers can also be applied to data jobs. The data controller is the person who obtains the data from the data subject for the first time. The data processor is the company with which the data controller shares personal data when necessary to carry out its activities.
For example; If a company that sells goods works with an external financial advisor while it is the data controller itself, while doing internal works related to its own business, the subject naming related to the situation in that relationship exchanged with financial advisory can be classified as financial affairs. There is not much information within the scope of KVKK because the law is new. There is no clear line about what is explained and how much.
It is not clear who is the data controller and who is not. In GDPR, everyone is responsible. We try to mold companies into some patterns because if data can be classified and named as a processor, some obligations may be waived. In GDPR this is not possible.
Only the person responsible for the administrative fines stipulated in the KVKK is the data controller. The data controller can then make a recourse to the data affairs under the general courts. “This happened because of you.”, “You are responsible for this violation and damage.” It can be said, but an uncertain process emerges.
What is responsible in the first place is more important. Since there is no process like GDPR, molding can be entered in the KVKK part. In agreements made between companies, when specified as a data processor, the other party becomes a data processor. The naming between us doesn't have much value either. What matters is the decision of the Personal Data Protection Authority.
The institution decides as a result of the naming of the personal data activity. It doesn't matter what the company and KVKK consultants say on this matter, but they still try to make names among themselves. In GDPR, whether you are a data controller or a data processor, you have a responsibility, in case of a possible mishap, you may be sued for compensation.
The situation of filing a compensation lawsuit in KVKK is not clear. Of course, lawsuits can be filed, but as with GDPR, it is not very clear whether the injured person is entitled to compensation.
In KVKK, there is a lawsuit for compensation, but there are more penalties and the enforcement of these penalties is mostly in the form of administrative fines.
In the future, it will become more common for a natural person with personal data to also sue for compensation. KVKK processes may also change when our citizens have more information about personal data and become familiar with the subject.