Data Controller and Data Processor Concepts

The Personal Data Protection Law is a young law that entered into force in 2016. For this reason, it can be easily said that it has taken shape in accordance with the needs of our age. The purpose of The Personal Data Protection Law is to protect the fundamental rights and freedoms of individuals, especially the privacy of private life, in the processing of personal data, and to regulate the obligations and procedures and principles to be followed by real and legal persons who process personal data. In line with this purpose, the law has made many regulations and tried to clarify the relevant concepts. The concepts of data processor and data controller are among the concepts regulated in the KVKK.

In today's business world, the need for personal data protection has been ensured by the Personal Data Protection Law (PDPL), making it a priority for every organization. Human resources departments are responsible for collecting, managing, and storing extensive personal data, including sensitive data about employees and candidates. This data includes social security numbers, addresses, phone numbers, email addresses, medical records, and other personal data. Therefore, the significance of personal data protection in human resources cannot be overstated. We've outlined the critical factors that HR professionals should pay attention to when it comes to protecting personal data during the recruitment and active employment processes.

Providing security of your information assets is part of Turkish Personal Data Protection Law (KVKK) and by creating an information security system for your business, having an ISO 27001 certification is the best way to document the measures taken by your organization in this context.