We provide support for you to implement the necessary technical and administrative measures for data privacy to minimize the number of data breaches we may face, minimizing existing risks and threats, prevent loss of reputation and revenue for your entity, and protect trademark value at the highest level.

Awareness: Trainings are organized in order to raise awareness among company employees within the scope of the Personal Data Protection Law and related regulations; In our trainings, following matters are discussed: enactment process of the Law, basic principles and concepts, explicit consent and obligation to inform, regulations regarding data transfer, measures to be taken regarding information security, crimes and misdemeanors, Board decisions and examples of good practices, and duties and responsibilities of departments and employees.

Data Mapping: As the first stage of our consultancy service, it is necessary to determine which personal data is processed within the scope of which activities, where it is stored, with whom it is shared, and to regulate the processes in which personal data is processed in a manageable format. For this purpose, following the information received from the related units and the meetings held, the personal data processing inventory is created, which maps the company’s personal data processing, usage, retention and sharing activities.

Personal Data Impact Analysis: The compliance of the personal data processing operations mapped by the Personal Data Processing Inventory with the regulations of the Law is assessed and the process is analyzed by our risk methodology. On the other hand, measures and actions to be taken to ensure full compliance with the relevant regulations are as follows; obligation to inform and explicit consent obligation and retention periods are determined on a process-based basis.

Information Security Risk Analysis: The technical and administrative measures to be taken by the companies to prevent the unlawful processing of personal data and unauthorized access to personal data should be determined and implemented. In this context, risk analysis is carried out within the scope of the Law on the Protection of Personal Data No. 6698 and international data security standards, the company is informed about the administrative and technical measures that can be taken and technology investment recommendations are presented.

Application: A road map is prepared to ensure full compliance and implementation of the actions determined on the Personal Data Processing Inventory, required documents are as follows; policies, clarification statements, explicit consent texts, application forms, and articles of agreement are prepared specific to the company. On the other hand, operational support is provided to the contact person during the VERBIS registration and notification process of the company in coordination with the relevant units.