Within the scope of the Law on Protection of Personal Data, data controllers have to create their records to VERBIS for information regarding data processing activities and declare the personal data they process here. If there is no exception, this obligation covers all data controllers. The important date for companies that have not completed VERBIS registration within the scope of the GDPR compliance process is September 30, 2020. Companies that do not complete the compliance process and experience data breaches are expected to be fined up to 1.8 million TL.
*** This release is originally published in Turkish.
Google Translate Application translates the content you see on this page.***
ISTANBUL (TR) - According to the Personal Data Protection Law (GDPR) published in 2016, companies were required to record personal data used commercially. Until September 30, 2020, companies whose number of employees is more than 50 or annual financial balance sheet total exceeds 25 Million TL, and companies whose annual financial balance sheet total is less than 25 Million TL must register in the Data Responsible Registry Information System (VERBIS) until March 30, 2021. Stating that the administrative fine of 36,000 TL up to 1.8 million liras can be imposed on those who act contrary to the registration and notification obligation to VERBIS, Barikat Cyber Security CEO Murat Hüseyin Candan issued important warnings by transferring the legal obligations related to the GPDR compliance process.
Underlining that companies that do not complete the compliance processes with the Personal Data Protection Law will be subject to penalties in case of a possible data breach, Candan said, “Companies that cannot complete the GDPR compliance process may face imprisonment or fines in case of a possible data breach. Fines starting from 9 thousand 13 TL and can go up to 1 million 802 thousand 636 TL. In addition, companies may face loss of reputation and trust.”
Emphasizing that the process of completing VERBIS registration is only one step in the process of compliance with the Law on Protection of Personal Data, Candan said, “In other words, companies that have completed VERBIS registration complete only one phase of the GDPR compliance process. The remainder of the KVKK compliance process includes issues that need to be studied in more detail than registering VERBIS. In addition, organizations that do not need to register with VERBIS due to exceptional circumstances and are exempted from registration must also fulfill the GPDR compliance process.”
Summarizing the consequences that companies may encounter in addition to imprisonment and fines, Candan said, “The process of compliance with the Law on Protection of Personal Data includes taking all kinds of technological measures regarding personal data security as well as legal obligations. The sustainability of the security measures and measures taken by considering the principle of accountability and lawfulness is very valuable for the prestige of companies. Companies that do not complete their compliance processes may face penalties as well as loss of reputation and trust. That is, the real cost of data breach to organizations is much higher than penalties.”
Stating that they offer the Smart GDPR compliance system to companies to support the GDPR process, Candan said, “In this system we call Smart GDPR; It is aimed for companies to achieve fast and effective results by transferring all stages of the law's compliance process to users with a digital platform we have developed and specially prepared content. Thanks to this system, employees who are interested in the GDPR compliance process of the companies will have the opportunity to access the contents in which all their knowledge and experience is transferred, examine the sample materials and meet with consultants whenever they want to complete the adaptation process themselves. In this way, employees included in the system will be able to ensure the sustainability of the adaptation process after the process is completed. Therefore, companies will be able to carry out GDPR compliance processes at lower costs and by using their own resources efficiently. Thus, employees working within the Smart GDPR will also turn into GDPR compliance experts.”
Contact: Tülay Genç | [email protected] | +90 (850) 885 12 55