LarinSoft

ISO 20000 Personal Data Management

“Personal Data Protection Law” No. 6698, published in the Official Gazette in TR on April 7, 2016, entered into force. The purpose of this law is to protect the fundamental rights and freedoms of individuals, especially the privacy of private life, in the processing of personal data, and to regulate the obligations of natural and legal persons who process personal data and the procedures and principles to be followed.

Explicit Consent: Consent that is based on information on a particular subject and is expressed with free will.
Anonymization: Making personal data incapable of being associated with an identified or identifiable natural person in any way, even by matching with other data.
Relevant Person: The natural person whose personal data is processed.
Personal Data: Any information about an identified or identifiable fact.
Processing of Personal Data: Obtaining, recording, storing, preserving, changing, rearranging, disclosing, transferring, taking over, making available personal data fully or partially automatically or non-automatically, provided that it is a part of any data recording system. It is all kinds of operations performed on data, such as classification or prevention of use.
Special Quality Personal Data: These are the data that may cause discrimination or victimization about the person concerned, in case of learning special quality personal data. Therefore, they need to be protected much more strictly than other personal data. Special categories of personal data may be processed with the express consent of the person concerned or in limited cases listed in the Law. In the law, special categories of personal data are determined by limited counting. These; data about race, ethnic origin, political opinion, philosophical belief, religion, sect or other beliefs, costume and clothing, membership to associations, foundations or unions, health, sexual life, criminal convictions and security measures, and biometric and genetic data. Special categories of personal data cannot be extended by comparison.
Data Processor: The natural or legal person who processes personal data on behalf of the data controller, based on the authority given by the data controller.
Data Registration System: A registration system in which personal data is processed and structured according to certain criteria.
Data Controller: The natural or legal person who determines the purposes and means of processing personal data and is responsible for the establishment and management of the data recording system.
Registration in the Verbis system
Data inventory preparation
Determination of personal data collection policy
Determination of the personal data collection policy of a special nature
Preparing lighting text
Preparing an explicit consent text
Awareness training
Taking administrative and technical measures
Establishment of system and physical security measures
Determination of personal data destruction policy
Determination of the destruction policy of private personal data
Performing inspections

ISO 27701

Personal Data Management

ISO 20000 Personal Data Management

R&D Office

Contact