2020 KVKK & GDPR February Newsletters Headings
2020 KVKK & GDPR February Newsletter Decision Summaries of the Month
- The Cypriot Supervisory Authority Fines Louis Group of Companies Using the “Bradford Factor System”
- Microsoft Corporation - Data Breach Notification
- Italian Data Protection Authority (Italian SA) Fined 27.8 Million Euros to TIM Operator due to Marketing Methods
- Amendment on the Regulation Regarding Information In Insurance Contracts Has Been Published
- Norwegian DPA Fined Oslo Municipality's Education Agency Due to An Application
- The Belgian DPA Fined 15.000 Euro to A Website Specialized in Legal News
2020 KVKK & GDPR February Newsletters Information Guide
Administrative Measure: Policies and Procedures on Protection of Personal Data
Establishment of policies and procedures for ensuring personal data security is one of the administrative measures also included in the Guidelines of the Authority. Preparing policies and procedures not only for ensuring personal data security but also for all personal data protection processes, will identify the risks in advance and provide necessary measures to be taken. This will provide organizations with a more comfortable event management.
Technical Measure: What is a Penetration Test? How does it function?
According to Article 12 and Paragraph 1 of KVKK, data controllers are obliged to take all necessary technical and administrative measures to prevent the unlawful processing of personal data, to prevent unlawful access to personal data and to ensure that personal data are stored in accordance with the law. These measures are detailed in the Personal Data Security Guide published by the Authority and specified in the notification phase to VERBIS.
2020 KVKK & GDPR February Newsletters Legislation Analysis
- Erasure of personal data: Making personal data inaccessible and unusable for related users.
- Destruction of personal data: Making personal data in no way accessible, retrieved and reusable by anyone.
- Anonymization of Personal Data: Making personal data unassociated to an identifiable or identifiable natural person by any means, even if it is matched with other data. This association should not be made by recipient groups and others, including the data controller.