Corporate KVKK Trainings
It is of great importance for employees to take first action regarding cyber security and attacks that will harm personal data security, in order to ensure personal data security.
Corporate Training Services
In addition to attacks aimed at violating personal data security, issues such as unlawful disclosure or sharing of personal data are among the main personal data security violations. These violations can also occur in the form of opening an e-mail attachment containing malicious software by using the weaknesses of the users such as carelessness, inattention or inexperience, or opening the personal data to third parties by sending the e-mail to the wrong recipient.
Regardless of the position of the data controller, the roles and responsibilities related to personal data security should be determined in the job descriptions and employees should be aware of their roles and responsibilities in this regard. In addition, while granting the right to access media containing personal data or creating a corporate culture in this regard, attention should be paid to acting in accordance with the principle of "Everything is Forbidden Unless Permitted", not the principle of "Everything is Free Unless Prohibited".
On the other hand, employees may be required to sign confidentiality agreements as part of their hiring process. There should also be a disciplinary process that will take effect if employees do not comply with security policies and procedures.
For this reason, it is very important for employees to receive training on issues such as not unlawful disclosure and sharing of personal data, awareness-raising activities for employees, and creating an environment where security risks can be identified, in terms of ensuring personal data security.
After defining and prioritizing risks to personal data; control and solution alternatives to reduce or eliminate the said risks; should be evaluated in line with the principles of cost, applicability and usefulness, necessary technical and administrative measures should be planned and put into practice. These measures do not always require high costs, and it is also possible to take these measures at no cost or low cost, or to already exist in the systems.
In case of significant changes in the policies and procedures regarding personal data security; It should be ensured that these changes are made available to the employees through new trainings and that their information on threats to personal data security is kept up-to-date.