What Should be Done to Protect Personal Data ?

What Should be Done to Protect Personal Data ?

The popular question of “Do you approve the sharing of your personal data?” when surfing on the internet or shopping online is getting much more attention nowadays. What is sharing of personal data and why is it needed to be protected? Let's take a quick look at the issue of protection of personal data…

What is personal data?

Your personal data can be summarized as your race, religion, sect, ethnicity, political thought, philosophical belief or other beliefs, association / foundation / union membership, disguise, health, sexual life, criminal conviction, biometric and genetic data, telephone number, SSI number, your personal information such as your resume, video and audio recordings or even your hobbies. According to the law, all data that makes a person directly or indirectly identifiable is considered personal data.

Why is the protection of personal data important?

In the age of information and communication, the collection of personal data has become a necessity in every stage of social and economic life, and the need to prevent abuse of this data by malicious people has emerged.

It may arise as a result of misapply or misuse of personal data collected in order to provide adequate public services to citizens and to conduct economic activities in accordance with the conditions of the market economy.

According to the law number E:2013/122, K:2014/74 of Constitutional Court on April 9, 2014 “personal data as a valuable asset for commercial enterprises as a result of gaining the nature of the risks reaching widespread and important dimensions created by private sector elements and terrorism and the increased activity of criminal organizations in capturing personal data” has been much more important than before. That’s why personal data must be protected, and the violation of personal rights must be prevented. When all of your personal data comes together, it creates a unique data set and reveals everything about you. The protection of personal data is actually synonymous with the protection of your existence as an individual.

Your personal data is actually your fingerprint.
Your personal data is actually your fingerprint.

What is the law on the protection of personal data?

The “Law on Protection of Personal Data 66 (Law No. 6698), which was adopted in the Turkish Grand National Assembly on 24 March 2016 and published in the Official Newspaper dated April 07, 2016 and numbered 29677, protects personal data for both private and public institutions and regulates related processes and obligations.

The law also introduces criminal penalties for institutions that fail to meet the obligations defined in the law. For example, if personal data is used illegally and shared with third parties, it is possible to impose fines or imprisonments as specified in the law. In addition, people whose personal information is shared without their consent may be entitled to financial and / or moral compensation by filing a lawsuit.

Even before the enactment of the law, according to the decision of the 9th Civil Chamber of the Supreme Court of Appeal 2014/37215, 2016/9418 N, dated 14.04.2016, compensation penalty has been applied upon transferring of the personal file of an employee to his/her new company.

Considering the fact that similar criminal sanctions were imposed before the enactment of the present law, it is highly possible to be subject to much more serious penalties by new rules.

Unauthorized use of personal information is unlawful.
Unauthorized use of personal information is unlawful.

Ways to protect your personal data

According to lawyers, some basic principles must be observed in the processing and protection of personal data. The first one is to act in accordance with the law and honesty in processing of personal data. Your personal data can only be processed for clear, legal and stated aims by private and state institutions. There is also an important rule in keeping your personal data by these institutions. Namely, they need to maintain the period foreseen in the relevant legislation or for a period not exceeding the period for which the personal data are used.

Once you make your personal data available to another organization, you cannot prevent it from being used for any purpose. However, there is one thing you can do if you find out that this data is used out of its purpose and / or by third parties. In case your data is used, you have the right to request the elimination of the material to avoid any moral and financial damage you have suffered from. To do this, you must first contact the data officer.

What can you do if your claim is not fulfilled within 30 days? You can then make a complaint to Personal Data Protection Board at the latest within 60 days of the first application, along with a written or electronic response from the data officer. For detailed information and application, please visit kvkk.gov.tr.

Remember that protecting your personal data is just as valuable and important as all your other rights.