ASEXECUTIVE Consulting
GDPR (General Data Protection Regulation)
The EU General Data Protection Regulation (GDPR) is the most significant change to data protection law in the last 20 years. Adopted by the European Parliament on 14 April 2016, it has applied since 25 May 2018 and carries heavy penalties for organizations that do not comply.
GDPR is the European Union's general data protection regulation: a single law, applicable across the whole EU, that protects the personal data of individuals in the Union. It covers every organization that processes personal data of people in the EU, whether or not the organization itself is located within the EU's borders.
Why Do We Need GDPR?
Before the GDPR, personal data in the EU was governed by the Data Protection Directive (95/46/EC), adopted in 1995. It was very similar in spirit to the GDPR, but as a directive it had to be transposed into each member state's national law, which produced differences between countries. Over time, this statute needed to be updated.
GDPR, like the Data Protection Directive before it, is a law that aims to strengthen the protection of individuals' personal data. As a regulation it applies directly and uniformly across the entire European Union, more than any previous law.
It also reaches the processing of personal data by organizations established outside the EU's borders.
Article 3 of the GDPR defines its territorial scope. Under Article 3(2), an organization established outside the EU is subject to the GDPR if it offers goods or services to data subjects in the EU (whether or not payment is required) or monitors the behaviour of people in the EU; either of these is sufficient to bring the organization within scope. To interpret the relevant article: if your organization's website offers services and products in one of the languages spoken in the EU, you fall within this extended territorial scope. If you collect people's data through a contact page and list prices in currencies used in Europe, you are within the scope of the GDPR. Monitoring includes profiling people, tracking their habits, or obtaining their IP addresses with cookies, for example through a website or other means. Likewise, importing, exporting or any other commercial activity with EU member states that involves processing the personal data of people in the EU means you must meet the GDPR compliance requirements.
Tips for the GDPR Management Process
Documentation Management
Documentation must be managed and traceable, and secure access to it must be ensured.
Strong communication with the relevant parties
The most effective way of communicating with the relevant parties must be identified and put in place to lead the programme. The board must have a specific communication strategy and maintain constant contact with the people concerned. The means of communication also matter: brochures, posters, announcements, press conferences and e-mail can all be used. When choosing a communication approach, determine who the target audience is, what their needs are and what their level of interest is. The communication should then be evaluated, allowing sufficient time for its effects to become visible.
Breach Management
A documented procedure for how a personal data breach will be handled must be defined before one occurs, and it should be followed as far as possible when a breach happens. Prepare the plan first, then define how the response will be carried out and how follow-up will continue. Note that Article 33 of the GDPR requires the supervisory authority to be notified within 72 hours of the organization becoming aware of a breach, where feasible, so the procedure must be exercisable within that deadline.
Awareness of GDPR
The main precondition for GDPR awareness is education. Training should be planned and systematic, and awareness activities should help the organization raise its competencies and move towards its data protection goals.
Does your work on KVKK (Turkey's Personal Data Protection Law) meet the GDPR compliance requirements?
Organizations based in Turkey are often significantly mistaken on this point: complying with KVKK does not by itself mean complying with the GDPR, because the GDPR concerns the personal data of people in the EU regardless of whether the organization processing it is inside or outside Europe.
Likewise, many organizations outside the EU have a similar misperception.
For example, according to various studies from 2018, 50% of American companies believed they would not be affected by the GDPR,
and only 12% of Asia-Pacific companies were prepared for it.
What are the basic needs for GDPR compliance?
- Risk assessment and establishment of organizational controls
- Determination of data flows and preparation of a data inventory
- Definition of legal responsibilities
- Taking all necessary precautions regarding data protection processes and establishing an end-to-end data security infrastructure
- Appointment of a DPO (Data Protection Officer) where Article 37 requires one
- Updating existing policies and procedures, and drafting and reviewing Binding Corporate Rules (BCRs) for intra-group international transfers
- Reviewing communication processes in marketing and social media channels
Sanctions for GDPR Violations and Data Breaches
For the most serious infringements of the GDPR,
a fine of up to 20 million euros or 4% of the total worldwide turnover of the preceding financial year, whichever is higher, may be imposed. A lower tier of up to 10 million euros or 2% of worldwide turnover applies to other infringements, such as failures in security measures or breach notification.