Legal Liability Arising from the Protection of Personal Data
I. Obligation To Protect Personal Data
Personal data is any information relating to an identified or identifiable natural person. This information may be related to the personal values of the person, his/her assets or the physical and social environment in which he/she lives. Although personal data is not a secret most of the time, real persons, as they are social beings, disclose many of their data to other real and even legal persons with whom they are in contact.
Data Controller and Data Processor Within the Scope of KVKK And GDPR
Data Controller and Data Processor Concepts
The Personal Data Protection Law is a young law that entered into force in 2016. For this reason, it can be easily said that it has taken shape in accordance with the needs of our age. The purpose of The Personal Data Protection Law is to protect the fundamental rights and freedoms of individuals, especially the privacy of private life, in the processing of personal data, and to regulate the obligations and procedures and principles to be followed by real and legal persons who process personal data. In line with this purpose, the law has made many regulations and tried to clarify the relevant concepts. The concepts of data processor and data controller are among the concepts regulated in the KVKK.
Obligation to Inform and Scope
Obligation to Register to the Data Controllers Registry Information System (Verbis)
Data controllers are required to register with the Data Controllers Registry Information System ("VERBIS") within the scope of the Law Personal Data Protection Law No. 6698 ("Law") and the Regulation on the Registry of Data Controllers ("Regulation"). It is stated in the article 16 of the Law, "Natural or legal persons who process personal data shall register with the Data Controllers' Registry prior to the start of data processing." However, the procedures and principles regarding the obligation to register with VERBIS are determined by the Regulation.