0Pricing
Cyber Security Academy · Lesson

GDPR and KVKK Essentials

Core principles and data subject rights.

GDPR and KVKK Overview

The GDPR (EU General Data Protection Regulation, 2018) and Turkey's KVKK (Kanun No. 6698, 2016) are the two frameworks this lesson covers. KVKK was heavily modeled on the EU approach, so the core principles align closely.

Both regulate how personal data is processed and grant strong rights to individuals, backed by significant penalties.

Key Roles

Both laws define core roles:

  • Data subject (KVKK: ilgili kisi): the person the data is about
  • Controller (KVKK: veri sorumlusu): decides why and how data is processed
  • Processor (KVKK: veri isleyen): processes on the controller's behalf

The controller carries primary accountability, even when work is outsourced to a processor.

All lessons in this course

  1. Why Data Privacy Matters
  2. GDPR and KVKK Essentials
  3. Data Classification and Minimization
  4. Breach Notification and DPIAs
← Back to Cyber Security Academy