KVKK (Personal Data Protection Law) is a legal framework determined for the processing, protection and use of personal data in Turkey. KVKK entered into force on 7 April 2016.

Businesses operating in the machinery sector can also process personal data and therefore have to comply with KVKK. Examples of personal data processed in the machinery sector are data such as the name of the employees, contact information, work experience, salary information.

According to KVKK, there are some basic principles regarding the processing of personal data:

→ Principle of law and honesty: The processing of personal data must be carried out in a lawful and honest manner.

→ Purpose limitation principle: Personal data must be processed for specific, explicit and legitimate purposes. The data cannot be used for other than these purposes.

→ Data minimization principle: Personal data processed must be necessary and limited for the purposes. Unnecessary or excess data should not be collected.

→Accuracy principle: Processed personal data must be accurate and up-to-date. Data should be updated when necessary.

→ Retention limitation principle: Personal data should be retained for as long as necessary for the specified purposes. When the time expires, the data must be deleted or anonymized.

→ Security principle: Necessary technical and organizational measures should be taken to ensure the security of personal data.

→ Businesses operating in the machinery sector should take the following steps to comply with KVKK:

→ Creating and updating a data inventory on how personal data is collected, processed and stored.

→ To determine the legal basis for data processing activities such as express consent, legal obligation or legitimate interest.

→ To take the necessary technical and organizational measures to ensure the security of personal data.

→ To fulfill the obligations of informing and enlightening the relevant persons.