The Personal Data Protection Law is a law adopted in 2016 and published in the Official Gazette. The Law aims to protect the fundamental rights and freedoms of individuals, especially the right to privacy, in the processing of personal data and to regulate the obligations of real and legal persons who process personal data and the procedures and principles to be followed. In order to protect the fundamental rights and freedoms of individuals, the law has set forth different provisions.

Data Controller and Data Processor Concepts

The Personal Data Protection Law is a young law that entered into force in 2016. For this reason, it can be easily said that it has taken shape in accordance with the needs of our age. The purpose of The Personal Data Protection Law is to protect the fundamental rights and freedoms of individuals, especially the privacy of private life, in the processing of personal data, and to regulate the obligations and procedures and principles to be followed by real and legal persons who process personal data. In line with this purpose, the law has made many regulations and tried to clarify the relevant concepts. The concepts of data processor and data controller are among the concepts regulated in the KVKK.

Personal Data Protection Law No. 6698 (KVKK) entered into force in 2016. The law, which aims to protect the rights and freedoms of individuals in the right way, stipulates its purpose in its first article as follows:

Data controllers are required to register with the Data Controllers Registry Information System ("VERBIS") within the scope of the Law Personal Data Protection Law No. 6698 ("Law") and the Regulation on the Registry of Data Controllers ("Regulation"). It is stated in the article 16 of the Law, "Natural or legal persons who process personal data shall register with the Data Controllers' Registry prior to the start of data processing." However, the procedures and principles regarding the obligation to register with VERBIS are determined by the Regulation.

In today's business world, the need for personal data protection has been ensured by the Personal Data Protection Law (PDPL), making it a priority for every organization. Human resources departments are responsible for collecting, managing, and storing extensive personal data, including sensitive data about employees and candidates. This data includes social security numbers, addresses, phone numbers, email addresses, medical records, and other personal data. Therefore, the significance of personal data protection in human resources cannot be overstated. We've outlined the critical factors that HR professionals should pay attention to when it comes to protecting personal data during the recruitment and active employment processes.

OTP (One-Time Password) is a security measure that protects against password-based attacks, especially password detection and replay attacks. OTP is created by generating a sequence of unique characters or numbers that cannot be reused. This technique is effective in reducing the risk of unauthorized login attempts and data theft. OTP was developed to provide an extra layer of authentication for personal data and critical organizational data in the event of cyberattacks.

A timestamp is an electronic record that keeps track of all transactions and approvals occurring in a digital environment. It is recorded through a computer, ensuring its integrity and proving its existence at a specific date.

According to Article 3, paragraph (h) of Law No. 5070 on Electronic Signatures (In Turkish), a timestamp is defined as "an electronically verified record with an electronic signature, provided by an electronic certificate service provider. Its purpose is to determine the time when electronic data is produced, modified, sent, received, and/or recorded."

Providing security of your information assets is part of Turkish Personal Data Protection Law (KVKK) and by creating an information security system for your business, having an ISO 27001 certification is the best way to document the measures taken by your organization in this context.

January 28, which is the Convention relating to Protection of Individuals Regarding Automatic Processing of Personal Data (In Turkish) was opened for signature between Türkiye and another 45 countries, has been declared as a Data Protection Day by the Council of Europe.