Privacy Impact Assessment as a Tool for GDPR Compliance Preparation (Turkish abstract)

Technology enables individuals and businesses to share and disseminate their personal financial, legal and reputational data through various tools. Such use can lead to a loss of control over personal data. The protection of personal data is an unavoidable obligation of companies. Eventually, laws on the protection of personal data were adopted by the European Parliament, first under the name of EU Directive 95/46/EC and later under the name of the General Data Protection Regulation (GDPR). As part of its efforts to align its legislation with the European Union, Turkey also adopted, on 7 April 2016, a Personal Data Protection Law based on EU Directive 95/46/EC. The Turkish Data Protection Law (KVKK) has, over time, leaned more toward the GDPR. European businesses and their international business partners must also comply with the GDPR. In the GDPR compliance process, the Privacy Impact Assessment (PIA) plays an important role. This literature study summarizes the compliance process for the KVKK. It then highlights the ways in which a PIA can facilitate the commercial activities of companies bound by the GDPR.

Privacy Impact Assessment as a Tool for GDPR Compliance Preparation

Technology allows individuals and enterprises to share and disseminate their personal financial, legal, and reputational data via various tools. Such usage may cause loss of control over personal data. The protection of personal data is an indispensable obligation of companies. Eventually, laws on the protection of personal data were enacted by parliament in Europe, first the European Union (EU) Directive 95/46/EC and later the General Data Protection Regulation (GDPR). Turkey also adopted a Personal Data Protection Law based on EU Directive 95/46/EC on 7 April 2016, as part of its efforts to align its legislation with that of the EU. The Turkish Data Protection Law (TDPL) has been leaning more toward the GDPR. European enterprises and their international business partners should comply with the GDPR. In GDPR compliance, the Privacy Impact Assessment (PIA) plays an important role. In this literature survey, the compliance process for the TDPL is summarized. Then, how a PIA can be utilized as a facilitator of business endeavors for GDPR-bound companies is emphasized.
