“Data”, which is considered one of the most valuable assets today, which is the source of individuals ' right to privacy, and which is the most important criterion of firms in creating a commercial strategy and client portfolio, should be protected. This data should be protected by individuals, as well as by sovereign power states. In this context, the applications that started with GDPR (General Data Protection) in the European Union and entered into force with the Personal Data Protection Law No. 6698 in our country are aimed at ensuring data security. In this context, there are a number of obligations that individuals and legal entities that store personal data must comply with. If these obligations are not met, there is a risk of severe sanctions. In accordance with our legislation, in case of non-compliance with obligations;

•  For crimes related to personal data, the provisions of Article 135 to 140 of the Turkish Criminal Act of 9/26/2004 and 5237 apply.
•  According to the law, those who violate personal data are sentenced to imprisonment from 1 to 3 years.
•  In addition, a person who intercepts this data by way of violation can also be sentenced to imprisonment from 2 to 4 years.

In accordance with the personal data protection law no 6698;

•  About those who do not fulfill the lightning obligation provided for in article 10, administrative fine can be imposed from 5,000 Turkish lira to 100,000 Turkish lira,
•  For those who do not fulfill the data security obligations provided for in article 12, administrative fine can be imposed from 15,000 Turkish lira to 1,000,000 Turkish lira,
•  For those who do not comply with the decisions made by the Council in accordance with article 15, administrative fine can be imposed from 25,000 Turkish liras to 1,000,000 Turkish liras,
•  An administrative fine of 20,000 Turkish liras to 1,000,000 Turkish lira is imposed on those who act in violation of the obligation to register and notify the Registry of data principals provided for in Article 16.

Wise Group provides the following services in order to complete the installation, compliance and follow-up processes with its expert team and partner Software Company.

SCOPE OF SERVICE

1. VERBIS registration process is performed.

2. VERBIS contact person appointment process is carried out.

3. Guidance documents are being prepared for GDPR compliance.

4. Corporate business and third party contracts are established in accordance with GDPR.

5. In accordance with the communique on the procedures and principles of applying to the Data Officer 30356, the Relevant Person's Help Desk is created.

6. Clarification, consent and waiver declarations are issued.

7. The necessary security measures are taken in relation to “Ensuring Data Security”, which is paid the most attention by the law and the decisions of the institution.

8. Necessary administrative measures are taken to ensure data security. In this context, the following services are provided.

8.1.Identifying current risks and threats,

8.2.Employee training and awareness studies,

8.3.Defining personal data security policies and procedures,

8.4. Management of relationships with data processors.

9. Necessary TECHNİCAL measures are taken to ensure data security.

10. In order to ensure personal data security, a “Server” located in Turkey will be available for your use and all technical, administrative and software security measures will be taken for the “Server”.

11. Personal data inventory is being prepared.

12. Personal data – critical data separation will be realized by evaluating the data in the personal data inventory.

13. Special Qualified Personal Data will be identified.

14. GDPR organization chart will be determined.

15. Internal audit organizational structure will be determined.

16. Procedures for deleting, destroying or anonymizing personal data will be determined.

17. Procedures for obtaining, recording, storing and deleting personal data will be determined. These procedures will be made in accordance with legislation.

18. Necessary measures will be taken regarding special qualified personal data.

19. Access to data held by the company will be regulated.

20. Documents to be published on the website will be arranged.

21. Relevant personnel will be trained.

22. In accordance to article 11 of the Personal Data Protection Law No. 6098, examination of claims shall be carried out.

23. Changes to legislation will be transmitted to you on a monthly basis.