top of page

KVKK Compliance Process

Thanks to ASExecutive's KVKK compliance and data protection solutions, it is up to you to step into a more successful digital future by securing your personal data processes...

Personal Data Protection Law (KVKK)

Due to the Personal Data Protection Law (KVKK), which entered our lives in 2016, organizations that do not have sufficient infrastructure and experience in the field of privacy and security have started to focus on this area.

Protection of Personal Data is directly related to the privacy of private life, which is one of the fundamental human rights.​

Before the KVKK in Turkey, the rules on the Protection of Personal Data were determined by the Turkish Penal Code, the Constitution and other environmental legislation.

The Law on Protection of Personal Data No. 6698 is the most important legal regulation in this area and the most severely enforced.

Subject to KVKK

Regardless of the organizational structure or the number of employees, all organizations in Turkey must have completed the KVKK compliance process by 2018.

Completion of the compliance process means that an organization regulates and manages all kinds of personal data belonging to its employees, employee candidates, suppliers, stakeholders, etc. in other words, all kinds of data subject to processes that define us, in accordance with the conditions stipulated by the law.

Even if your company is located within the borders of Turkey and provides services in Turkey, it will not be enough just to comply with the data protection processes and KVKK in Turkey.

You may also be subject to the EU's data protection practices i.e. GDPR. In this case, your compliance process, which will be implemented in your institution and whose sustainability will be followed, is both KVKK as well GDPRRequires  coverage.


 In today's world, your compliance process should cease to be an audit activity and become a routine business process, and personal data protection processes should be adopted as a corporate culture.

We offer solutions that will strengthen your security infrastructure with the knowledge we have gained about the movement of data within the organization.

We help you maximize the protection of personal data to ensure the continuity of confidentiality by determining your processes.

We review your current policies and procedures, identify areas for improvement and prepare them for you to ensure your compliance.

What can you achieve with the digital transformation and adaptation process?

Heavy criminal sanctions, cyber threats, unlimited and fast information needs of the information society necessitate digital transformation.


In the harmonization process, businesses that complete the technical and administrative processes will have commercial advantages.

Businesses that complete the policy, procedure and infrastructure studies of privacy and security processes in order to complete the necessary compliance processes and protect their data will significantly reduce their risks.

Today, an important part of ensuring customer satisfaction goes through digitalization.


The fast and secure digital interaction of customers with the organization greatly increases loyalty and trust.

The fast and secure sharing of the right information increases the agility, belief and trust and employee loyalty within the organization.

The basic principles regarding the processing of personal data should be carried out in accordance with these principles:

Compliance with the law and honesty rules

Being connected, limited and restrained with the purpose for which they are processed

Being accurate and up to date

Processing for specific, explicit and legitimate purposes

Retain the least amount of data required

To be stored for the period required by the relevant legislation or for the purpose for which they are processed.

Sanctions in Case of Violation of KVKK;

In case of violation of the obligation to inform;

2016 (Amount in Law) :    5.000 ₺ - 100.000 ₺

2022 (Current Amount) :    13,391 ₺ - 267,883 ₺

In case of breach of obligations regarding Data Security;

2016 (Amount in Law) :    15.000 ₺ - 1.000.000 ₺

2022 (Current Amount) :    40.179 ₺ - 2.678,863 ₺

In case of contradiction to the decisions made by the Board;

2016 (Amount in Law) :    25.000 ₺ - 1.000.000 ₺

2022 (Current Amount) :    66,965 ₺ - 2,678,863 ₺

In case of violation of the obligation to register and notify the Data Controllers Registry;

2016 (Amount in Law) :    20.000 ₺ - 1.000.000 ₺

2022 (Current Amount) :   53.572 ₺ - 2.678,863 ₺

In case of unlawful processing of personal data;

1 - 3 years imprisonment, increased by half for sensitive data

In case of illegally giving or obtaining the data;

2 - 4 years in prison      _cc781905-5cde-3194_bad5cf58d_   _cc781905-5cde-3136d_badcfcf3b3b-36bad5cf583bd       _cc781905-5cde-3194-bb3b3b-136bad  _cc781905-5cde-3194- ccde-3194cf13631365c5cf3b31994cbdc13653155cf -bb3b-136bad5cf58d_       _cc5819_f58cf31365cde-cc5819_f583353bbd_cc581994-bb335359cde-3194-bb3b-136bad5cf58d_cc-5819_f58cf313353bd_cc581934-bb3153bd -5cde-3194-bb3b-136bad5cf58d_      136bad5cf1905cde_cc781905-5cde-3194-bb3b-136bad5cf1931305c_ bb3b-136bad5cf58d_       _cc 781905-5cde-3194-bb3b-136bad5cf58d_     

In case personal data is not deleted within the period determined by law;

 1 - 2 years in prison    _cc781905-5cde-3194_cfcf583b-cc781905-cc781905-bb3b-cc781905-5cde-3194_cf3583bd -5cde-3194-bb3b-136bad5cf58d_      136bad5cf1905cde_cc781905-5cde-3194-bb3b-136bad5cf1931305c_ bb3b-136bad5cf58d_       _cc5819_f583bd_cc781904-bb3353b_cc581905cf335359cde-3194-bb3b-136bad5cf58d_ _cc5819_f58cf313353b_cc581994-bb3353bd_cc581994-bb3353b3b3b-136bad5cf58d_ _cc781905 5cde-3194-bb3b-136bad5cf58d_     _cc781905-5cde-3194-bb3b-136bad5cf58dcf58d_bb3b3b3b3b3b5cf781905-5cde-3194-bb3b-136bad5cf58dcf359c359c3cc781905cf5cf58dc359c3b3cf58dcf5c5cf58dcf5c359 -136bad5cf58d_       _cc7 81905-5cde-3194-bb3b-136bad5cf58d_     _cc781905-5cde-3194-bb3b-136bad_cf58-311994 -bb3b-136bad5cf58d_

bottom of page