The Personal Data Protection Regulation (GDPR) aims to protect the fundamental rights and freedoms of people, particularly the privacy of private life, and to regulate the obligations of those who process personal data. As of 07.10.2016, this law brings many responsibilities for all organizations that process personal data.
Data control
Companies have to know how to use all the data they own. Questions such as where data with sensitive content is moved, who uses this data, and for what purpose should be reviewed continuously.
Employee training
Each employee should know what data should be used. Companies can set data usage limits by informing employees about the security policy.
Data usage rules
Companies must establish clear rules about who can work with personal data. These rules should not remain on paper and should be applied effectively.
Encryption
All data containing personal information must be encrypted. Companies must extend the use of encryption to the entire company, including endpoints.
Data Loss Prevention (DLP)
Data leakage prevention should be implemented effectively and should cover all communication channels. E-mail, printers, removable devices such as USB and DVD, and other communication channels should be controlled to ensure that only certain data can leave the company.