What are the GDPR and KVKK, whose names we have started to hear frequently after the privacy policy change of WhatsApp, what are the differences between them? We discussed both legal concepts with their most basic features and explained their prominent points. Especially in terms of application, the difference is quite remarkable.
After every data scandal in the world, lawyers appear on television talk shows. They talk about legal concepts that many citizens cannot understand, such as GDPR valid in Europe and KVKK valid in Turkey. And since the effects of data scandals last for a few months at the most, What is GDPR, What is KVKK, Questions such as what are the differences between them are briefly discussed and then removed from the public agenda.
In fact, both concepts refer to abbreviations of personal data protection regulations and impose strict rules and sanctions on companies that process our personal data, even if we are not aware of it. Of course, both regulations do not protect ‘us’, that is the main difference between them. What is GDPR and KVKK? We explained the differences between them in the most basic way and explained the important points that should not be forgotten.
What is KVKK?
The Law on Protection of Personal Data No. 6698, shortly KVKK, entered into force after being published in the Official Gazette on April 7, 2016. The purpose of the law; processes all kinds of personal data by observing the fundamental rights and freedoms of individuals. obligations of real and legal persons, to set the rules that they must abide by.
What is GDPR?
General Data Protection Regulation, General Data Protection Regulation, GDPR, on May 25, 2018 It has entered into force in the member states of the European Union. The purpose of the regulation; To protect the personal data of European Union citizens by observing the fundamental rights and freedoms. GDPR is the continuation of the European Parliament and European Council Directive 95/46/EC on the Protection of Individuals in Terms of the Processing and Free Movement of Personal Data.
What are the differences between KVKK and GDPR?
Scope of obligations determined by KVKK only the borders of the Republic of Turkey It covers data operations performed for In other words, the area of operation of a company that owns your personal data. If in EU or US region KVKK, which is a law of the Republic of Turkey, does not have any sanction power over this natural or legal person.
Although GDPR is in force in all European Union countries, its scope is much broader. no matter where you live All European Union citizens are protected by this regulation. In other words, even a company that carries out data operation in the US region has to comply with the obligations set by the GDPR if the owner of the personal data in question is an EU citizen.
Penalty in case of non-compliance with the obligations determined by KVKK the upper limit is 1 million TL, In case of non-compliance with the obligations determined by GDPR, the upper limit of the penalty is 4% of the annual turnover of the company in question or 20 million euros has been determined. The weight difference of the sanctions is quite remarkable.
According to KVKK, data processors are considered as ‘data controllers’ and these persons are briefly mentioned in the Data Controllers Registry Information System. It is obliged to register with VERBIS. GDPR, on the other hand, uses the concept of ‘data controller’ instead of the responsible concept and these people do not have any registration obligations to any institution or organization.
What data does KVKK protect?
It would not be wrong to say ‘everything’ for our personal data protected by KVKK. Because in the law for these data ‘any information pertaining to a natural person’ definition is used. This means that everything that makes you you is considered as personal data and protected according to the laws of our country.
Among the protected personal data; There are political views, race, religion, ethnic origin, philosophical belief, clothing, sect, non-governmental organization memberships, union memberships, sexual life, health information and many other personal information that you may or may not think of. How wide is the scope of your protected data? It’s pretty good to have.
Who does KVKK cover?
Protection regulations of KVKK all real citizens of the Republic of Turkey, obligations, on the other hand, cover all natural and legal persons carrying out data operations within the borders of the Republic of Turkey. The fulfillment of obligations is audited by the Personal Data Protection Authority.
What are KVKK penalties?
Applied to real and legal persons who do not fulfill the obligations determined by KVKK the lower amount of the administrative penalty limit is 5 thousand TL, the upper limit has been determined as 1 million TL. In addition to the administrative fines applied, the practices that will limit the data operations carried out by real and legal persons who do not comply with the obligations are also applied according to the said obligation that is not fulfilled.
With the changing WhatsApp privacy policy, we started to hear their names more. What is GDPR and KVKK, We answered the questions of what are the differences and explained the striking points. By knowing our rights regulated by law and our protected data, we can have a much more conscious internet experience.