12Mart2019

Personal Data Institution Updated the VERBIS & Deletion Processes

The protection of the personal data has become more of an issue day by day with the development of internet technologies and personal data stored digitally. In this manner, the Institution of Personal Data Protection (the “Institution”) is developing the national legislation and publishing additional sources for the practice to sustain both domestic information security needs and integration with the European Union.

In this regard, the Institution has published two more additional sources. The document of “VERBIS FAQ” is prepared by the Institution to guide data controllers who shall perform the obligation of register into the data controller registry info system (namely “VERBIS”) mentioned in the Art. 16 of the 6698 numbered Law. You may reach the FAQ document explains details about VERBIS in Turkish here.

In addition, a sample of the “Personal Data Retention and Destruction Policy” (the “Policy”) is published by the Institution on 10.03.2019 for the data controllers that have to register the VERBIS.

The sample Policy starts with explaining the aim, scope and definitions and states the title/unit/job description of the ones who participate the retention and destruction processes. The personal data record mediums are classified as “electronical” (e.g. software, usb etc.) and “non-electronical” with detailing each personal data classification to be recorded.

Both the legal reasons and processing tools that require to keep personal data along with the reasons to destruct personal data shall be determined in the Policy.

As is known, the data controllers are obliged to take all technical and administrative measures to prevent personal data to be processed, accessed illegally according to the Art. 12 of the Personal Data Protection Law. In this manner, the Policy to be prepared shall have technical and administrative measures to be taken.

Besides the data controllers should state “the destruction technics of the personal data” in their Policy. The disposal, destruction and anonymization of the personal data shall be explained separately for each data recording medium. The retention and destruction periods that are already took place in personal data processing inventory and VERBIS, shall also be mentioned in the Policy. These periods which should be determined for each process, shall be updated if necessary.

Our Company is providing consultancy service on the Personal Data Protection Law and General Data Protection Regulation compliance processes by combining best legal and technological substructure. Click for more information.

You may reach the full text of the sample Personal Data Retention and Destruction Policy published by the Institution, in Turkish, here.

Yazar CottGroup Hukuk ve Mevzuat Ekibi, Kategori Personal Data Protection Law

Notification!

The content in this article is for general information purposes only and belongs to CottGroup^® member companies. This content does not constitute legal, financial, or technical advice and cannot be quoted without proper attribution.

CottGroup^® member companies do not guarantee that the information in the article is accurate, up-to-date, or complete and are not liable for any damages that may arise from errors, omissions, or misunderstandings that the information may contain.

The information presented here is intended to provide a general overview. Each specific case may require different assessments, and this information may not be applicable to every situation. Therefore, before taking any action based on the information provided in the article, it is strongly recommended that you consult a competent professional in the relevant fields such as legal, financial, technical, and other areas of expertise. If you are a CottGroup^® client, do not forget to contact your client representative regarding your specific situation. If you are not our client, please seek advice from an appropriate expert.

To reach CottGroup^® member companies, click here.

About The Author

CottGroup Hukuk ve Mevzuat Ekibi

https://www.cottgroup.com

/tr/mevzuat/item/kvkk-saklama-imha-politikasi-verbis

Diğer Mevzuatlar

Public Announcement on Standard Contract Notification Module

Ecem Kumsal Başyurt

31 Ekim 2024

Hemen Oku
Regulation on the Procedures and Principles Regarding the Transfer of Personal Data Abroad

Semih Er

10 Temmuz 2024

Hemen Oku
The 8th Judicial Reform Package and Amendments to the Turkish Personal Data Protection Law (KVKK)

Berfin Erdoğan

8 Mart 2024

Hemen Oku