The Law on the Protection of Personal Data No. 6698 has clearly set out the obligations that the data controller must fulfill. These are the technical and administrative measures that the data controller should take to ensure that personal data is kept in accordance with the law, as well as reminding the data subject of his/her rights before the processing of personal data, thus fulfilling the clarification obligation and obtaining explicit consent, registration in the Data Controllers Registry, Responding to the applications made by the relevant persons who turn to the data controller and Fulfilling the Board Decisions are the obligatory duties enumerated by the Law No. 6698.
The fulfillment of these obligations will be possible with an analysis and evaluation to be made to answer the question of what we have in the current situation, how we can proceed to the ideal situation by spending the least resources, rather than being based on a template.
This process also necessitates the realization of a special design for whichever institution, institution or organization a study will be performed. Since the opposite attitude will be the result of a study to be developed with a rote method, a possible setback may cause the existing system to be questioned completely, and it also carries the possibility of increasing the size of the judicial and administrative sanctions that may be encountered.
In this sense we,
- Prepare the terms of reference / tecnical specifications for the firms who wants to get GDPR/Data Privacy compliance services.
- Give consultancy about how to apply technical and administrative measures,
- Provide training specific to the needs of institution,
- Develope personal data inventory,
- Establish a proof system in accordance with the security measures taken,
- Integrate cyber security measures with and data protection systems in critical infrastructures,
- Prepare personal data and cyber security policies,
- Make suggestions about the system infrastructure and system requirements that are considered to be operational within the scope of Personal Data Protection,
- Integrate penetration test results with personal data protection system,
- Ensure compliance of documents, contracts and policy documents belonging to the data privacy systems,
- Follow-up of applications to be put forward about personal data and lawsuits filed by interested parties in this context,
- Create and track policy and strategy development studies to minimize applications and damages that may occur after personal data leaks are some of the studies that our office has developed within the scope of its approach to data privacy management activities.