KVKK and GDPR in Workcube
GDPR (General Data Protection Regulation) is an acquis that determines the regulations on data protection and privacy in the European Union and the European Economic Area.
GDPR Authority is an authority to protect data. It primarily aims to help individuals take control of their personal information and then to ensure that companies comply with these regulations.
Path: System > System Management > GDPR Dashboard
Security Level
Within the scope of GDPR, Security Levels that ensure the protection of personal data by masking are determined. Go to the New Registration screen and enter "Security Level" and "Description".
You can go to the listing screen with the list button and the defined security levels are listed with the search button.
The GDPR Authorization separator is located on the Control Panel > System > Security > Authorization Groups screen. The created "Security Level" categories are listed directly under the Authorization Groups detail GDPR Authorization heading and can be specifically selected through checkboxes for users included in the authorization group.
Note: You can find more information about GDPR Authorization and Security Levels through our attached content. Read the article titled "GDPR Authorization".
Data Category Type
TR ID Number, Name and Surname Information, Parents' Name are a data category and are collected under the "identity" category. Phone Information, Address Information, E-Mail, KEP are a separate data category and are defined and classified under the "communication" category.
Active/passive status of the defined data category type is selected via the "Active" select box and registration is performed via the "Save" button.
Example data category types can be diversified as follows.
Data Category
The main category to which each personal data processed by the data controller within the scope of KVKK belongs is called "Data Category". The defined Security Level and Data Category Type are linked to a Data Category.
In this example, the "personnel" data category type and the "personal data-confidential" security level are linked to the Human Resources (HR-IK) data category.
You can go to the listing screen on the "List" button.
Keywords
Critical content is organized on the Keywords screen. For example; Expressions such as "cancer", "disease" can be entered as keywords. On the registration screen, these expressions are associated with the data category type, the word type and search type are selected; Registration is made by determining the active-passive status.
Security Measure
Companies are obliged to take technical and administrative measures in order to preserve their personal data in accordance with the law.
The Security Measure record screen consists of details where customized measures are processed and classified in accordance with the company's fields of activity.
For example, confidentiality agreements signed during recruitment are considered within the scope of security measures.
You can go to the listing screen with the "List" button and the security measures are listed with the search button.
Data Transfer Group
Multiple data exchanges occur within the companies themselves and within the group of companies.
Personal Data may be processed by data controllers for various purposes. You may also want to share it with others. The transfer of information held by data controllers to domestic and international authorities is ensured in accordance with a set of rules.
Data transfer groups are created via the New Registration screen.
Data Subject Group
Data subject is a person who can be directly or indirectly identified as "an identified natural person, a name, an identification number, location data, etc." Data subject groups are defined.
Purpose of Data Processing
What are the purposes of processing data and the legal basis of processing (these articles cover the lawful data processing purposes listed in the law) via the Purpose of Data Processing screen.
For example; Obtaining identity information from the employee is based on the legal reason "Execution of Application Processes of Employee Candidates" "Data Responsibility and Policies: New Registration" is defined on the screen.
Information Text
Information Text is an obligation of the business. These are documents that aim to inform the data owner on certain issues and must be signed by internal and external data owners in every company. The date and by whom the last version of the Clarification Text was created are displayed on this screen. Previous records can be accessed from the HistoryHistory section.
Note: The created illumination text can be accessed via the question mark icon on the top menu.
Attention: This text is for the processing of personal data. It does not have the meaning of consent text. "Explicit Consent" for the processing of Personal Data is also given.
Permissions
This is the screen where employees are listed and approved according to the GDPR Information Text.
Note:For more information about KVKK and GDPR, you can check out our other content. The article titled "KVVK and GDPR" can be read.