In recent years, awareness about the security of personal data in our country and the precautions taken in this regard have been fully ensured by law numbered 6698 published in the Official Gazette on 7 April 2016. Indeed, the lack of laws and legislation brought problems in the interaction of our country with foreign companies doing business. With the Law on the Protection of Personal Data, which has been passed for a period of about 2 years, the businesses are only aware of the seriousness of the business after April 7, 2018, when the law was officially enforced. On the other side of the medallion is the approach of companies that offer solutions to the Personal Data issue. By marketing this law with the solutions they have, these firms are adopting an approach that scares the way to scare by emphasizing the size of the penalties usually imposed by the law. However, it is important for enterprises to understand and be aware of the essence of this law with the right approach.

The Law on the Protection of Personal Data No. 6698 is generally spoken on the market that the legal side is heavily pressed and technical measures are the other subject. The leading bureaucrats and firms in the industry, especially in the field of lawyers' bureaux, support this approach. However, when the essence of work is examined, it is obvious that the law should be placed on 3 legs. This triple leg, which is defined as legal, technical and quality, has been seen both in terms of continuity and in the scope of its studies. To best describe this, think about gravel, sand and water placing in a container. To fill this law with the legal (gravel) framework and its boundaries, then to apply the technical measures (sand) and to connect them together with the defined frameworks; the most recent solution will be to complete it in a way that is intertwined with quality (water) and solidifies continuity.

Let me summarize this through a concrete example. Suppose the destruction procedure is defined and written in accordance with legal procedures. The responsibility for proof of records of transactions made under the law is the Data Owner. Therefore, it is possible to carry out destruction processes in electronic media and to collect the related evidence by the existence of a technical infrastructure. For this, the registration of information such as electronic signature, time stamp or similar proof infrastructure must be constructed. A quality sustainable process enables the operation of the dual control mechanism, which many standards emphasizes, and the interaction between the different departments supporting each other. Thus, when KVKK is constructed on 3 legs, it completes the whole harmonization process.

Legal, Technical and Quality and KVKK Compliance Consultancy Service
As stated in the above sections, the law, the technique and the quality are mutually worthwhile, but they are so far apart. Therefore, it is not possible to dissolve these studies in a single expertise pot. It is unthinkable for these studies to be one source, while legal, technical and even quality issues are the subject of discrimination and expertise. KVKK compliance counseling actually requires that these processes be carried out at least by three specialists. Another issue is that the experts speak the same language to each other. When these conditions are met, compliance consultation will be on-site and accurate.