What To Do If You Find Out That Your Data Has Been Hacked

Our personal data is at risk of being compromised every minute of every day. So what should you do if you learn that your data has been compromised or misused? We have given the answer to this question in the most explanatory way, based on the Personal Data Protection Law.

In the internet age, basically no one’s personal information is safe, we all have to face this reality. ‘We entrust our data’data controllers‘, that is, any person/institution/company (legal entity) that receives this data from us and is legally obliged to protect it, can be attacked at any time. If attackers manage to defeat the security level of this institution using any attack method, they may gain access to some or all of our data.

Well, when the people/legal persons whose services we use cannot protect our data, that is, our data. when captured or our data, by data controllers when misused what should we do? In fact, the answer to this question is quite limited in the current conditions. Nevertheless, in order to shed light on the answer to this question, which has been bothering people lately, Personal Data Protection Authority and Personal Data Protection Law We have clarified the event as much as possible by taking the source.

First of all, let’s remind some obligations of data controllers:

We cannot have any definite information about when our data was transferred. In this regard, data controllers can also be at the same point as us. However, in case the data is obtained by others illegally, according to paragraph 5 of Article 12 of the Personal Data Protection Law, the data controller does not do this. It is obligatory to notify the relevant persons and the Board as soon as possible.. ‘As soon as possible’, pursuant to the Decision No. 2019/10 by KVKK Defined as 72 hours.

In addition, the data controller must ensure that the persons affected by the data breach are also aware of the situation, if they can be reached directly, or on their website if they cannot be reached. obliged to notify by appropriate methods.

However, as the data owner, we can request information about the situation without waiting for the explanation of the data controller, and if we find the response insufficient, we can directly complain to the Personal Data Protection Board. How Does?


According to Article 11 of the Personal Data Protection Law, each individual, by contacting the data controller

  • Learning whether personal data is processed or not,
  • If personal data has been processed, requesting information about it,
  • Learning the purpose of processing personal data and whether they are used in accordance with the purpose,
  • Knowing the third parties to whom personal data is transferred at home or abroad,
  • Requesting correction of personal data in case of incomplete or incorrect processing,
  • Requesting the deletion or destruction of personal data,
  • Requesting notification of third parties to whom personal data has been transferred,
  • Objecting to the emergence of a result against the person himself by analyzing the processed data exclusively through automated systems,
  • In case of damage due to unlawful processing of personal data, have the right to demand.

As the data owner, we have the right to send written requests regarding the implementation of the KVKK to the data controllers. Data controllers also make this request. within 30 days at the latest obliged to conclude free of charge (If the process requires cost, the data controller may charge a fee from the data owner). If the data controller accepts/rejects the request, it notifies the data owner in writing or electronically.

If your application is rejected, you find the response insufficient, or if your application is not answered within 30 days, You can make a complaint to the Personal Data Protection Board within 60 days from the date of application.. But here is something to remember:

  • IMPORTANT: You have to apply to the data controller before applying to the Authority pursuant to paragraph 1 of Article 13 and paragraph 2 of Article 14 of the Law. In other words, you do not have the right to complain directly to the Authority before trying to reach the data owner. Complaints made 60 days after applying to the data controller are not evaluated by the Authority. After your application to the data controller, you have to wait for a reply for 30 days. However, you can file a complaint if there is no response/if you find the response insufficient due to the above reasons.

In this context, as the data owner, we are legally obliged to first apply to the data controller and then to the KVKK. However, we will soon resort to a way in which this is not necessary either: Take the matter to court. Now, let’s explain how you can make a complaint after making a complaint to the data controller, since the necessary conditions are met.

I asked the data controller if my data had been compromised or said it had been compromised and presented evidence. However, I did not find the answer I received sufficient / I could not get an answer. How do I make a complaint to the Personal Data Protection Authority?

After reaching the data responsible party, for the reasons we mentioned above and if you do not get a response, you should contact the Personal Data Protection Authority. you can complain. To file a complaint, follow these steps:

kvkk complaint

  • KVKK’sComplaints Module‘ page to this link access by clicking.
  • Click to loginPress ‘ and log in to the platform with e-Government. If you are logging in for the first time, after the next step complete your profile.

kvkk complaint

  • Proxy, parent/guardian applications are not accepted electronically..’ taking into account the warningContinueClick ‘. If you are the persons referred to in the warning, log out of the platform.

kvkk complaint

  • Click on the ‘Complaints’ page from the left menu and click on the ‘Complaints’ page on the page that opens.Create New ComplaintPress ‘.
  • Have you applied to the data controller regarding your request under the law?‘ Answer the question. (As we mentioned, if you haven’t applied before, you can do it now. complaint will be deemed invalid.)

kvkk complaint

  • Check the boxes in the form that opens after answering. fill in the requested information.
  • Fields marked with are required to be filled.After filling in the required fields for your complaint ‘SavePress ‘. Then, by checking the information on the page that opens, ‘Confirm and Submit

Click ‘.After your complaint, if you receive new information that you need to convey, this information can be found in the ‘Complaint’ page.Add Detail/Document

You can add it by clicking ‘. Personal Data Protection Board, upon your complaint or if it learns about the alleged data breach, is responsible for the data to examine whether it is processed in accordance with the law

and is responsible for taking temporary measures in this regard when necessary.

You can also take action without reaching the data controller or KVKK regarding your problem:

kvkk judgment As data owners, we We have the right to take the matter to court without applying to the data controller.

In other words, you can directly bring any violation of your data to the judiciary without having to reach the data controller first. Finally, as the data owner, you can go to court for compensation for the damage you have suffered in the event of a data breach.You can claim compensation


  • You can never completely prevent the hijacking/abuse of your data. However, there are measures you can take to make this situation more difficult or to minimize the damage:
  • Never open suspicious or suspicious e-mails.
  • Make sure your devices are on the latest version.
  • Create and use complex strong passwords with upper and lower case, numbers, and special signs.
  • Use two-factor authentication on every possible platform.
  • Examine the addresses of the websites you will visit, stay away from suspicious addresses.
  • If the address of the website does not start with “https://” in the address bar, avoid giving your information to these websites.

When downloading files, be on the lookout for suspicious downloads.


With PCs That Guess 100 Billion Passwords Per Second, How to Create a Strong Password?


What is Two-Factor Security Measure and How Is It Used? If you do not want your information to be captured in any way,you should not use the internet

, you should not meet the people who use it….

source site-39