We Are Here to Assist You on Your Journey Through the Protection of Personal Data

TRAININGS AND EVALUATIONS ON PERSONAL DATA PROTECTION

The trainings that all parties need in order to fully fulfill their responsibilities for protecting personal data are designed and tailored to your needs, and are delivered in a fast, accurate, and up-to-date manner.

Technological and legal developments in privacy and security have increased the requirements in the field of personal data protection, both throughout the world and in Türkiye. One of these requirements is training on privacy, security, and personal data protection.

These trainings create an opportunity for development by contributing to the knowledge of the whole organization. Training on personal data protection also contributes to the performance of the staff by increasing their self-confidence in new practices and terminologies. Employees who acquire the necessary knowledge and experience in the field of privacy and security gain speed by acting with a higher level of understanding while completing their tasks.

In addition, these trainings are counted among the administrative measures related to Personal Data Security by the Turkish Personal Data Protection Board.

Accordingly, in the event of a cyber-attack that can harm personal data security, it is extremely important that employees help ensure security by making the first necessary intervention, even if they have limited knowledge of cyber security. In addition to attacks aimed at violating personal data security, incidents such as the unlawful disclosure or sharing of personal data are among the main personal data security breaches. These violations may also occur when users' vulnerabilities, carelessness or inexperience are abused, as a result of opening an e-mail attachment containing malware, or of sending an e-mail to a different recipient and making personal data available to third parties.

For all these reasons, it is extremely important to educate employees on issues such as not disclosing or sharing personal data unlawfully, to conduct awareness studies for employees, and to create a security ecosystem where security risks can be identified and controlled.

Any changes in practices, policies and procedures related to personal data security should also be reflected in trainings that are repeated in the future. The most important thing is to keep knowledge about threats to personal data security up to date.

All these requirements make it necessary to focus on the operational and technical needs in the area of privacy and security and, at the same time, to create a new corporate culture. As a result, enhancing the organization's awareness of privacy and security and ensuring that all employees in all areas master these subjects will also play an important role in achieving the organization's goals and vision.

Your brand and commercial assets are among the most important values of your organization. All our work in the area of privacy and security, and all developments in this area, will pose risks unless they are spread to all segments of the organization. Issues regarding personal data will adversely affect the reputation of your organization. When data loss is reported to the Turkish Personal Data Protection Authority, various data breaches are disclosed and made available to the public. This leads to a significant loss of reputation from a commercial point of view.

In order to prevent these risks, awareness should be increased with continuous trainings at all levels. In this way, it is possible to raise an overall, consistent, up-to-date privacy and security awareness within the organization.

Trainings on personal data should be provided to senior management and employees in the first place. In addition to this, trainings can also be provided to subcontractors, suppliers and clients that transfer data, if necessary, according to sectoral needs and organizational workflows.

Our teams provide training in the fields of personal data protection, privacy and security, technological requirements, data protection concept and awareness, and legal rights and obligations, at your workplace or through distance learning. Recording these trainings will be very important for your organization during the audits.

These trainings can also be provided as e-learning material (SCORM-compatible or via PowerPoint). You can publish the e-learning materials on your own portal, or you can get this platform service from us as well.

Training contents on Personal Data Protection are mainly as follows:

1. Basic Concepts of KVKK (Personal Data Protection Law)

  • What is Personal Data?: Definition, examples, and importance of personal data.
  • Special Categories of Personal Data: Definition, examples, and protection methods for sensitive data.
  • Concepts of Data Controller and Data Processor: Who are data controllers and processors, their roles and responsibilities.

2. Personal Data Protection Law

  • Purpose and Scope of the Law: Objectives and scope of KVKK.
  • Innovations Introduced by the Law: Innovations and changes in practices brought by KVKK.
  • Compliance with National and International Legislation: Compliance of KVKK with national and international regulations.
  • Condition for Being Subject to KVKK and GDPR - Regional Scope: Regional differences and application areas.
  • Differences in Application Between KVKK and GDPR: Differences and similarities between the two regulations.

3. Obligations of the Data Controller

  • Obligation to Inform: Informing data subjects.
  • Obligation to Register in the Data Controllers Registry: VERBIS registration and requirements.
  • Creating a Personal Data Processing Inventory: Preparation and updating of the data processing inventory.
  • Independence of Explicit Consent and Informing - Differences Between Them: Differences between explicit consent and the obligation to inform.

4. Obligations of Data Processors

  • Definition of Data Processor: Who is a data processor and their roles.
  • Contractual Obligations: Contract terms between data processor and data controller.
  • Responsibilities of Data Processors: Responsibilities and obligations of data processors.
  • Employee Data Responsibility - Criminal and Legal Sanctions: Employee data responsibility and potential sanctions.

5. Processing of Personal Data

  • Conditions for Lawfulness: Conditions for lawful processing of personal data.
  • Explicit Consent and Its Exceptions: Situations requiring explicit consent and exceptions.
  • Principles to Follow During Processing: Principles and rules to follow in data processing.
  • What are the Methods of Data Processing?: Different data processing methods and examples.
  • Legal Grounds for Data Processing: Legal bases for processing data.

6. Storage and Destruction of Personal Data

  • Retention Periods: Data retention periods and rules to follow.
  • Destruction Methods: Methods and processes for data destruction.
  • Creating a Data Destruction Policy: Preparation and implementation of data destruction policies.

7. Transfer of Personal Data

  • Transfer of Data Domestically and Abroad: Conditions for transferring data domestically and internationally.
  • Transfer Conditions: Requirements and conditions for data transfer.
  • Transfer to International Organizations: International data transfer and rules to follow.
  • Transfer of Personal Data Domestically and Abroad: How to transfer data domestically and internationally.

8. Rights of the Data Subject

  • Right to Apply and Complain: Rights of data subjects to apply and complain.
  • Right to Information and Access: Rights of data subjects to be informed and access their data.
  • Right to Rectification and Erasure: Rights to correct and delete incorrect data.
  • Rights of the Data Subject and Conditions to Meet the Data Subject's Request: Rights of data subjects and conditions for fulfilling these rights.

9. Data Security Measures

  • Technical and Administrative Measures: Technical and administrative measures for data security.
  • Risk Analysis and Management: Analysis and management of data security risks.
  • Security Policies and Procedures: Preparation and implementation of security policies.
  • Administrative and Technical Measures Under KVKK and GDPR: Measures to be taken under KVKK and GDPR.

10. Personal Data Breaches and Notification Obligations

  • Breach Detection and Response Procedures: Detection and response procedures for data breaches.
  • Notification Processes and Methods: Methods for reporting data breaches.
  • Measures to Be Taken After a Breach: Measures to be taken after a data breach.
  • What is a Data Breach?: Definition and examples of data breaches.
  • What to Do in Case of a Breach: Steps to follow in case of a breach.

11. KVKK Compliance Process

  • Compliance Strategies and Plans: Preparation of strategies and plans for KVKK compliance.
  • Training and Awareness Activities: Training programs and awareness activities.
  • Continuous Monitoring and Auditing: Continuous monitoring and auditing of KVKK compliance.

12. Current Developments and Practices Related to KVKK

  • New Legislation and Regulations: Information on new legislation and regulations.
  • Court Decisions and KVKK Decisions: Information on court decisions and KVKK decisions.
  • Problems and Solutions in Practice: Problems encountered in practice and solution suggestions.

13. GDPR (General Data Protection Regulation)

  • Purpose and Scope of GDPR: Objectives and scope of GDPR.
  • Comparison Between GDPR and KVKK: Differences and similarities between GDPR and KVKK.
  • GDPR Compliance Process: Compliance processes and requirements for GDPR.
  • Data Processing Under GDPR: Conditions for data processing under GDPR.
  • Data Transfer Under GDPR: Data transfer conditions under GDPR.
  • Administrative and Technical Measures Under GDPR: Administrative and technical measures required under GDPR.
  • GDPR Breach Notifications and Sanctions: GDPR breach notifications and possible sanctions.

Notification!

The content in this article is for general information purposes only and belongs to CottGroup® member companies. This content does not constitute legal, financial, or technical advice and cannot be quoted without proper attribution.

CottGroup® member companies do not guarantee that the information in the article is accurate, up-to-date, or complete and are not liable for any damages that may arise from errors, omissions, or misunderstandings that the information may contain.

The information presented here is intended to provide a general overview. Each specific case may require different assessments, and this information may not be applicable to every situation. Therefore, before taking any action based on the information provided in the article, it is strongly recommended that you consult a competent professional in the relevant fields such as legal, financial, technical, and other areas of expertise. If you are a CottGroup® client, do not forget to contact your client representative regarding your specific situation. If you are not our client, please seek advice from an appropriate expert.
