EN
×
WHAT ARE YOU LOOKING FOR?

What is KVKK?

With the widespread use of technology, accessing information and managing daily tasks has become increasingly convenient. However, this convenience also introduces certain risks. For example, while sharing content on social media, watching videos, using internet banking, shopping online, or playing digital games, we often share personal data—thereby creating our digital footprint.

A digital footprint is defined as “the trace of every activity performed in the digital world.” Every search made on search engines, price comparisons during shopping, purchases on e-commerce platforms, photos and videos shared on social media, comments or likes on blog posts or messages—all contribute to this footprint.

KVKK Nedir.jpg

What is Personal Data?
Personal data refers to “any information relating to an identified or identifiable natural person.” These include details that define our identity, such as name, date and place of birth, identification details, passport information, email address, phone number, photograph, résumé, fingerprint, and more. Additionally, social media posts and likes are also considered personal data as they reflect aspects of our identity.

The Law on the Protection of Personal Data No. 6698 (KVKK) was enacted on March 24, 2016, and published in the Official Gazette on April 7, 2016 (Issue No. 29677). This law protects the rights and freedoms of individuals in the processing of personal data shared either by legal obligation or personal choice. Since the failure to ensure data security can directly impact individuals, KVKK primarily aims to protect the data subjects rather than the data itself.

Under Law No. 6698, only personal data belonging to natural persons are protected. Data pertaining to legal entities are not covered. However, if data related to a legal entity can lead to the identification of one or more natural persons, such data may also be protected under the law. In such cases, the protection still centers around the personal data of the individual.

Rights Granted Under Law No. 6698

According to Article 11 of the law, individuals have the right to apply to the data controller at any time to:

  • Learn whether their personal data is being processed,
  • Request information if their personal data has been processed,
  • Learn the purpose of processing and whether the data is used in accordance with that purpose,
  • Know the third parties to whom personal data is transferred, domestically or abroad,
  • Request correction of personal data if it is incomplete or inaccurate,
  • Request deletion or destruction of personal data,
  • Request notification of correction, deletion, or destruction to third parties to whom the data has been transferred,
  • Object to any outcome against them resulting from the analysis of personal data exclusively through automated systems,
  • Demand compensation for damages incurred due to unlawful processing of personal data.

These rights can be exercised by submitting a request to the data controller via:

  • Written application,
  • Registered electronic mail (KEP), secure electronic signature, mobile signature, or the email address previously provided to and registered in the data controller’s system,
  • A software or application developed specifically for such requests.

The application must be submitted in Turkish and include the following: full name, signature (if written), residential or business address for notification, email address (if applicable), phone and fax numbers, Turkish ID number for citizens, nationality and passport or ID number for foreigners, and the subject of the request. Relevant documents and information must also be attached.

The data controller is obligated to respond to the request as soon as possible, and no later than thirty days. The response may either accept the request or reject it with justification. The reply will be sent to the individual either in writing or electronically and must include the applicant’s details, the subject of the request, and the data controller’s explanations and contact information.

Ways to Protect Personal Data

  • Do not share your personal information with others.
  • Enable Two-Factor Authentication (2FA) on your social media accounts.
  • Use different passwords for each website you log into.
  • Change your mobile application passwords at least every six months.
  • Avoid using easily guessable passwords that include personal data such as your name, birth date, or favorite sports team.
  • Do not open suspicious emails or click on links within them if you are unsure of the sender.
  • Avoid clicking on links in suspicious SMS messages. Remember, sender information can be easily spoofed.
  • Do not grant unnecessary access permissions (e.g., to photos, contacts, SMS, location) to mobile applications.
  • Avoid connecting to public, free Wi-Fi networks, especially when conducting financial or official transactions.

Sources:
https://kvkkblog.com/ilgili-kisi-haklari/
https://www.kvkk.gov.tr/

Hakan Cengiz

Hakan Cengiz

Director of Information Technologies
Back To Go