Fully comply with Data Protection Law
Personal data, defined as “any information that makes it possible to identify individuals” in the Protection of Personal Data Law No. 6698 dated 24/3/2016, is often collected, processed, shared, and stored by the private and public sectors. Personal data is sometimes information on citizens, customers, or company employees.
Personal data is usually the information entrusted by the actual owners of the personal data, such as citizens, customers, or company employees, to the company or organization. There is a question of the companies and organizations collecting, processing, sharing, and storing the data to be “accountable” for the information that has been entrusted to them. The Protection of Personal Data Law lays the groundwork for and assigns rules for companies and organizations processing personal data to be held accountable.
The main question that concerns companies and organizations is: “What can we do to be accountable for the personal data we have received from citizens, customers, and company employees?” The companies and organizations that can answer this question are compliant with the Protection of Personal Data Law.
The basic principles of personal data management work summarized above are defined in the BS 10012 Personal Information Management System Standard. This service serves as a guide for applying personal data management work by companies and organizations that intend to comply with this standard and the Protection of Personal Data Law.
The company’s business processes are examined to determine to what degree it complies with the BS 10012 Personal Information Management Standard requirements. Solutions are recommended to improve the deficiencies determined in the areas where compliance is not at the required level. This service is for companies that want to answer the following question: “How compliant is your current status to the BS 10012 Personal Information Management System?”
The company’s work processes are examined to determine personal information and sensitive information. For this information, questions like what process it is used in, what settings it is stored in, who has access, how the backup is taken, archived, and destroyed are determined. This service is for companies that want to answer the following question: “What personal information are we using in our work processes?”
In the environments where all personal information is kept, the threats that may affect this information and the vulnerabilities that predispose to these threats are determined by considering the confidentiality, integrity, and accessibility requirements. The levels of personal information risks are calculated by determining the impact on work processes and the possibility of threats occurring. Action plans are prepared for the risks that are decided to be minimized. This service is for companies that want to answer the following question: “What are our personal information risks, and how should we manage them?”
This task includes installing a management system compliant with the BS 10012 standard to achieve management of personal information and make compliance with the Personal Information Protection Law easier. This service is for companies that want to answer the following question: “How can we establish personal information management end to end following good practices and standards?”
Technical Support
444 5 INV
444 5 468
info@innova.com.tr