With the development of technology and the expansion of the communication network, data sharing in the world has gradually increased. But unfortunately, as shared data increases, so does its malicious use. In order to protect our personal data and prevent it from being used outside the places where we allow it, government agencies introduce certain regulations.
Laws and regulations such as GDPR (general data protection regulation) in Europe, ccpa (california consumer protection act) and others in america, kvkk (law on personal data protection) in Turkey are in force and these regulations are being tightened day by day and criminal sanctions are introduced.
However, in order for some systems to function, the data must be processed in a way that does not compromise the data security of the person concerned.
The processing of data is described in Article 3 of the KVKK 6698 as follows:
“refers to any operations performed on data, such as obtaining, recording, storing, retaining, modifying, rearranging, disclosing, transferring, acquiring, making available, classifying or preventing its use” (6698 sec. Kvkk, m.3.1/e)
There are certain conditions for deleting, destroying and anonymizing personal data in the case of erasure, destruction and anonymization of personal data. According to KVKK, the storage of personal data is limited only to the duration of the purpose for which the data serves. For example, the data of people who participated in a raffle must be deleted after the draw is over.
In the law, this is clear
“... although processed in accordance with the provisions of the law, the personal data are deleted, destroyed or anonymized by the data controller, if the reasons requiring its processing disappear, are deleted, destroyed or anonymized by the data controller. “
stated in the form (6698 sk. Kvkk, m.7.1).
According to Article 11 of regulation 30224 published in the Official Gazette, if the data controller has drawn up a personal data retention and destruction policy, he determines the time required to permanently delete, destroy or anonymize personal data.
The time interval during which periodic destruction will take place must be clearly indicated in the text of the kvkk permit collection, and in any case it cannot exceed six months. If the data controller does not have the obligation to draw up a personal data retention and destruction policy, it will delete, destroy or anonymize the data within 3 months from the date on which the responsibility to delete, destroy or anonymize the personal data arises. If necessary, the personal data protection board may shorten this period.
The periods of time vary in requests to delete and destroy personal data that the person concerned may generate by contacting the data controller in accordance with Article 13 of the KVKK. In this case, after fulfilling the request for deletion or destruction of the data of the data subject, if all the conditions for processing the data have been eliminated, he must inform the person concerned by concluding it within a maximum of thirty days.
If the data has been transmitted to third parties for the purpose of processing before the request is made, the data controller shall inform the third parties of the situation and the necessary actions are carried out within the scope of regulation 30224. If the conditions for processing personal data have not completely disappeared, the request of the person concerned may be refused by indicating the reasons, by notifying them in written or digital form no later than thirty days.
If you are a data controller and a person appeals to you about the deletion, destruction or anonymization of their data, you should definitely consult your lawyer.
In the digital environment, “cookies” are used to store personal data on the Internet platforms on which we use and on each website. Cookies are small files stored by users in browsers when a website is visited. They can save small information on your computer or phone and then read it when you visit the page again.
In general, cookies tend to constantly improve your browsing and personalize sites. It transfers what people are looking for on the website to their browser records and keeps them in their history. It allows a website by keeping the movements on the website in the browser.
The most common browsers internet explorer, firefox, safari, opera, google chrome offer each user the necessary settings in the settings panel to allow cookies (cookies).
Cookies are automatically allowed when browsers are first installed and started to be used. Options in the settings section of the browser can be used to block it.
Cloud servicesaccording to the publication “kvkk with examples” of the board for the protection of personal data;
“If a private company contracts with a cloud service provider for the storage of personal data it collects, the cloud service provider is the data processor. Because under the contract between the parties, it is not possible for the cloud service provider to use the data for its own purposes. In addition, the cloud service provider itself does not collect data. Its only activity is to store personal data from the company again in accordance with the instructions of the private company. “
Accordingly, the data stored in cloud services does not constitute a violation of kvkk. Correct collection of cookies (cookies) In order to ensure the data security of users visiting the website, cookies must be collected in accordance with the KVKK. For this purpose, consent must be given in a clear and understandable way where, for what purpose and in what way the data of the persons are used.
Collecting consent from Kvkk is not a requirement in Turkey, but when you provide the cookie policy to users, you show that you care about their privacy. If you collect personal data with the site services under the Personal Data Protection Law No. 6698, which came into force in 2016, you must inform users about this and obtain their consent.
In accordance with the General Data Protection Regulation (GDPR), which came into force in 2018, the cookie policy and notification are a legal obligation if you have an institution in one of the European Union countries or if there are visitors to your site from the EU. If there is an English version of your website and if you sell abroad, you are still obliged to add a cookie policy and notice in accordance with the regulations.
You can use the efilli consent management platform to provide detailed information about cookies and manage your cookies with domestic servers on the domestic platform.
You can get detailed information by contacting us immediately: [email protected]
Disclaimer: All rights to any articles and content published belong to Efilli Software. All or part of any content, such as text, audio, video, and even if the source is shown or the active link is provided, cannot be used, published, shared or modified.
