Data Protection Compliance Projects
Provided Services
A) Creating KVKK Compliance Infrastructure
- Preparation of Personal Data Processing Inventory
- Corporate policies (access, information security, use, storage, and disposal, etc.)
- Contracts (Between Data Controller-Data Controller, Data Controller-Data Processor)
- Privacy commitments
- Periodic and/or random audits within the institution
- Risk analysis
- Labor Contract, Discipline Regulation (adding provisions in accordance with the Law)
- Corporate communication (crisis management, informing the board and the relevant person, reputation management, etc.)
- Law booklet
- Violation notification form
- Information document
- Audit question sets
- Process reports
- Authority matrix
- Authority control
- Access logs
- User account management network security
- Application security encryption
- A penetration test (to be applied to the central system only)
- Intrusion detection and prevention systems
- Log records
- Data masking
- Data loss prevention software backup
- Firewalls
- Current anti-virus systems
- Deletion, destruction, or anonymization
- Key management
- Website privacy policy
- Cookie policy
B) Training
- Employee touching data, IT, HR, accounting, etc.
- Basic concepts
- Legislation
- Sanctions
- Management and sustainability of personal data security for managers
- Awareness test
C) Consultancy after Compliance Project
- Providing on-site technical support when needed
- Quick response to questions about data protection with comments and answers via e-mail or phone
- Regular checks on data security
- Providing legal support in responding to data owner applications
- Evaluation of contracts within the scope of KVKK and providing support
- Regular sending of bulletins containing developments in the field of the Law within the framework of Turkish and EU legislation
- Necessary training is given to the employees to ensure continuity in compliance.