KVKK Consultancy

In accordance with the Law on the Protection of Personal Data (KVKK), businesses (companies / natural person) employing 50 workers or with a financial balance sheet asset value of 25 million TL must register to the data controllers registry until 30/09/2020.


As Boğaziçi Legislation, we provide consultancy services to companies’ adjustment processes with KVKK.

KVKK, which aims to protect the information systems of company partners, employees, customers and suppliers, especially the personal data stored on computer programmes (personal information, telephone numbers, address, camera records, entry-exit times, location information, invoice values, etc.) has become mandatory in business practices to ensure personal safety.

Those who do not fulfil these legal obligations may face administrative fines between 20,000-1,000,000 TL, and also those who process this data illegally may face imprisonment from 1 to 3 years.



With 6 months of our work, we will follow the steps given below for the legal harmonization work plan in the areas of law, process, organization, data management and security.


The Work Program We Will Apply

  1. Publication of a clarification text,
  2. Job description of the data controller or its representative, if any,
  3. Company KVKK Team,
  4. Informing unit managers and the importance of inventory preparation,
  5. Appointment of a data representative (following the issuance of the regulations),
  6. Publication of data controller / representative identification information (board and regulation pending),
  7. Preparation of Personal Data Inventory and reporting to the board,
  8. Personal Data Procedure: ensuring security, how to delete / destroy, how to respond to requests, correspondence tracking, sharing method, permissions,
  9. Preparing the confidentiality text in the contracts,
  10. Determining explicit consent methods,
  11. Obtaining explicit consent / anonymization / destruction for old data,
  12. If necessary, revising and publishing the Clarification Text (identity of the data controller or its representative, the purpose of processing, the duration, to whom it can be transferred and why, the method and legal reason for data collection, the data owner rights)
  13. Preparing for and executing a general information announcement to company employees,
  14. Preparing and signing a letter of explicit consent in the Employment Agreement as required by the KVK law, constantly announcing the updated version from fields such as dashboard, portal
  15. Obtaining signature / commitment from employees with special circumstances such as Security, Reception, Call Centre, etc.
  16. Revision of the Information Security Commitment,
  17. Revision of feedback mails and customer complaint forms according to explicit consent
  18. Adding automatic text under emails,
  19. Making necessary additions and changes to the company site and social media publications,
  20. Taking security measures in company computer programs and applications,
  21. Writing and auditing the control rules,

Shall be carried out based on this order.



Our team working on KVKK issue, in the fields of process, documentation, informatics, law and auditing, consists of KVKK experts, lawyers, supervisors and computer engineers.