Personal Data Management

Our experienced team in the field of protecting personal data is ready to present services to companies and agencies that wish to comply with the Personal Data Protection Law with BS 10012 Personal Information Security Management System standard consultation.

The personal data that is defined as “any kind of information that make it possible to identify individuals” in the Protection of Personal Data Law No. 6698 dated 24/3/2016, is often collected, processed, shared and stored by the private and public sector. Personal data is sometimes information on citizens, customers or company employees.


When it is considered that personal information is usually information that is entrusted by the actual owners of the personal data like citizens, customers or company employees to the company or organization; there is a question of the companies and organizations collecting, processing, sharing and storing the data to be “accountable” for the information that has been entrusted to them. The Protection of Personal Data Law lays the groundwork for and assigns rules for companies and organizations processing personal data to be held “accountable”.


The main question that concerns companies and organizations is: “What can we do to be accountable for the personal data we have received from citizens, customers and company employees?” The companies and organizations that can answer this question will be compliant with the Protection of Personal Data Law.


The ability of companies and organizations to answer this question depends on:

  • Determining who is responsible for the personal data
  • Creating a personal data policy
  • Creating a personal data inventory
  • Managing risks in connection with personal data
  • Determining personal data collection methods
  • Determining personal data processing methods
  • Determining personal data storage methods
  • Determining personal data sharing methods
  • Determining personal data security methods
  • Determining personal data destruction methods
  • Determining methods for dealing with complaints about personal data


The basic principles concerning the personal data management work summarized above are defined in the BS 10012 Personal Information Management System Standard. This service will serve as a guide for applying personal data management work by companies and organizations that intend to comply with this standard and the Protection of Personal Data Law .



  • BS 10012 Gap Analysis
  • Preparation of Personal Information Inventory
  • Personal Information Risk Management
  • Installation of a Personal Information Management System


BS 10012 Gap Analysis The company’s business processes are examined to determine to what degree it is in compliance with the BS 10012 Personal Information Management Standard

requirements. Solutions are recommended for improving the deficiencies determined in the areas that compliance is not at the required level. This service is for companies that want an answer to the question “How compliant is your current status to the BS 10012 Personal Information Management System?”


Preparation of a Personal Information Inventory The company’s work processes are examined to determine personal information and sensitive information. For this information questions like what process it is used in, what settings it is stored in, who has access, how the backup is taken, how it is archived and how it is destroyed are determined. This service is for companies that want an answer to the question “What personal information are we using in our work processes?”.


Personal Information Risk Management

In the settings where all the company personal information is kept the threats that could affect this information and the vulnerabilities that prepare the groundwork for these threats are determined taking into account confidentiality, integrity and accessibility requirements. The levels of personal information risks are calculated by determining the impact on work processes and the possibility of threats occurring. Action plans are prepared for the risks that are decided to be minimized. This service is for companies that want an answer to the question “What are our personal information risks and how should we manage these risks?”.


Installation of a Personal Information Management System This task includes the installation of a management system in accordance with the BS 10012 standard to achieve management of personal information and make compliance with the Personal Information Protection Law easier. This service is for companies that want an answer to the question “How can we establish personal information management end to end in accordance with good practices and standards.

Contact us
For more information you can contact our representer.
I have read the PDPL note and I confirm the terms. I consent to receive newsletters and to take promotional offers from Innova in the light of the information (e-mail, phone) that I have shared(*)
Contact us