
GDPR Research

Halil Umut Özdemir edited this page Feb 24, 2020 · 5 revisions

General Data Protection Regulation (GDPR)

The General Data Protection Regulation (EU) 2016/679 (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). The GDPR aims primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

Principles

Unless a data subject has provided informed consent to data processing for one or more purposes, personal data may not be processed unless there is at least one legal basis to do so. Article 6 states the lawful purposes are:

  • If the data subject has given consent to the processing of his or her personal data
  • To fulfill contractual obligations with a data subject, or for tasks at the request of a data subject who is in the process of entering into a contract
  • To comply with a data controller's legal obligations
  • To protect the vital interests of a data subject or another individual
  • To perform a task in the public interest or in official authority
  • For the legitimate interests of a data controller or a third party, unless these interests are overridden by interests of the data subject or her or his rights according to the Charter of Fundamental Rights (especially in the case of children)

In our application, the lawful basis can be the consent of the user. This consent must be explicit for the data collected and for each purpose the data is used for (Article 7; consent is defined in Article 4). Consent must be a specific, freely given, plainly worded, and unambiguous affirmation given by the data subject; an online form whose consent options are structured as an opt-out selected by default violates the GDPR, because the consent is not unambiguously affirmed by the user. Data subjects must also be allowed to withdraw this consent at any time, and doing so must not be harder than it was to opt in.

Rights of the Data Subject

  1. Transparency and Modalities
  • Article 12 requires that the data controller provides information to the 'data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language, in particular for any information addressed specifically to a child.'
  2. Information and Access
  • The right of access (Article 15) is a data subject right. It gives citizens the right to access their personal data and detailed information about how this personal data is being processed.
  3. Rectification and Erasure
  4. Right to Object and Automated Decisions
  • Article 21 of the GDPR allows an individual to object to the processing of their personal information for marketing, sales, or non-service-related purposes. This means the data controller must give individuals a way to stop or prevent the controller from processing their personal data.

Responsibilities of the Developers

  • According to the GDPR, pseudonymisation is a required process for stored data: it transforms personal data in such a way that the resulting data cannot be attributed to a specific data subject without the use of additional information, which must be kept separately (the other option being complete anonymisation of the data). Encryption is one example of a pseudonymisation technique.

  • Records of processing activities must be maintained that include purposes of the processing, categories involved and envisaged time limits. The records must be made available to the supervisory authority on request (Article 30).

  • Security of personal data is also a responsibility of the developers.
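The following is an added illustration of the pseudonymisation requirement described above (and of the erasure right from the list of data subject rights); it is not code from this project. Instead of encryption it uses the other common technique, keyed hashing (HMAC-SHA256), to replace the direct identifier (an e-mail address) with a token. The secret key and the token-to-email lookup table are the "additional information": they are kept apart from the pseudonymised dataset, so records can be linked for legitimate processing but cannot be attributed to a person by anyone who holds only the dataset. The class name `Pseudonymiser` and the sample records are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional

# Constructed sample data: two records about the same person and one about another.
RAW_RECORDS: List[dict] = [
    {"email": "alice@example.com", "order": "A-1001", "total": 42.0},
    {"email": "Alice@Example.com", "order": "A-1002", "total": 17.5},
    {"email": "bob@example.com", "order": "B-2001", "total": 99.0},
]


class Pseudonymiser:
    """Hypothetical helper that replaces the direct identifier with a keyed token.

    The key and the token -> email table are the 'additional information' the GDPR
    requires to be stored separately from the pseudonymised data (Article 4(5)).
    """

    def __init__(self, key: Optional[bytes] = None) -> None:
        # A fresh random key per deployment; in practice it lives in a secrets store,
        # never next to the dataset it protects.
        self._key = key if key is not None else secrets.token_bytes(32)
        self._lookup: Dict[str, str] = {}  # token -> email, kept separately

    @staticmethod
    def _normalise(email: str) -> str:
        # Same person must yield the same token regardless of case/whitespace.
        return email.strip().lower()

    def tokenise(self, email: str) -> str:
        email = self._normalise(email)
        digest = hmac.new(self._key, email.encode("utf-8"), hashlib.sha256).hexdigest()
        token = digest[:16]  # truncated for readability; still keyed, still deterministic
        self._lookup[token] = email
        return token

    def pseudonymise(self, record: dict) -> dict:
        """Return a copy of the record with the email replaced by a subject token."""
        out = dict(record)
        out["subject"] = self.tokenise(out.pop("email"))
        return out

    def reidentify(self, token: str) -> Optional[str]:
        """Only the party holding the separate lookup table can attribute a token."""
        return self._lookup.get(token)

    def erase(self, email: str) -> int:
        """Right to erasure: drop the mapping so the subject's remaining records
        can no longer be attributed to them. Returns the number of tokens removed."""
        email = self._normalise(email)
        tokens = [t for t, e in self._lookup.items() if e == email]
        for t in tokens:
            del self._lookup[t]
        return len(tokens)


def pseudonymise_dataset(records: List[dict], p: Pseudonymiser) -> List[dict]:
    return [p.pseudonymise(r) for r in records]


if __name__ == "__main__":
    p = Pseudonymiser()
    data = pseudonymise_dataset(RAW_RECORDS, p)
    for row in data:
        print(row)  # no e-mail address appears in the stored dataset
    print("re-identified:", p.reidentify(data[0]["subject"]))
    p.erase("alice@example.com")
    print("after erasure:", p.reidentify(data[0]["subject"]))
```

Two properties are worth checking in a review: a second instance with a different key produces different tokens (so a leaked dataset without the key is unlinkable to the original identities), and deleting the lookup entry on an erasure request leaves the remaining rows usable for statistics but no longer attributable to the person.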

Kişisel Verilerin Korunması Kanunu (KVKK)

KVKK is a law similar to the GDPR. As in the GDPR, to use, store or move any personal information we have to obtain the permission of the owner of the data. There is also advice on technical precautions, given on page 28 of the PDF [3].

For more information about GDPR and KVKK

References

  1. https://en.wikipedia.org/wiki/General_Data_Protection_Regulation
  2. https://www.mevzuat.gov.tr/MevzuatMetin/1.5.6698.pdf
  3. https://www.kvkk.gov.tr/yayinlar/veri_guvenligi_rehberi.pdf
