In today's business world, the need for personal data protection has been ensured by the Personal Data Protection Law (PDPL), making it a priority for every organization. Human resources departments are responsible for collecting, managing, and storing extensive personal data, including sensitive data about employees and candidates. This data includes social security numbers, addresses, phone numbers, email addresses, medical records, and other personal data. Therefore, the significance of personal data protection in human resources cannot be overstated. We've outlined the critical factors that HR professionals should pay attention to when it comes to protecting personal data during the recruitment and active employment processes.

Providing security of your information assets is part of Turkish Personal Data Protection Law (KVKK) and by creating an information security system for your business, having an ISO 27001 certification is the best way to document the measures taken by your organization in this context.

Although GDPR is a text that pursues and adopts the main principles stipulated by Directive 95/46, it has been introduced some regulations to be more compatible with today's requirements intended for the new needs arising from the latest technologies.¹ However, the concepts of "consent" and "explicit consent" which are the elements that provide legal legitimacy for the processing of personal data in Directive 95/46, and the terminology that created within the framework of these concepts, continued to be used in the EU General Data Protection Regulation. It is required that consent must "unambiguously" given in Directive 95/46. In case of the processing of personal data, it is stipulated that the condition of explicit consent is required. The conditions for the validity of the consent are also regulated in Article 4 of the EU General Data Protection Regulation. The elements specified in this Article provide the validity of both types of consent.