Managing complex data protection compliance processes that require constant monitoring is very challenging with traditional methods, for both you and your consultant. We understand that your time is limited and valuable.
The Personal Data Protection Law, which came into force in 2016, regulates the obligations of personal data processors in the processing of personal data, and sets out the principles and procedures they must comply with. The law aims to protect the fundamental rights and freedoms of individuals, starting with the privacy of private life.
The law applies to all natural and legal persons engaged in personal data processing activities. Therefore, clinics and medical centers must process personal data in compliance with the law.
Clinics collect and process the personal data of patients and employees. Therefore, they must conduct their activities in accordance with GDPR. What needs to be done, that is, the legal obligations, can be summarized in 9 main categories:
Violation of the Information Obligation: Administrative fine ranging from 9,834 TL to 196,686 TL
Violation of Data Security: Administrative fine ranging from 29,503 TL to 1,966,862 TL
Failure to Comply with Board Decisions: Administrative fine ranging from 49,172 TL to 1,966,862 TL
Failure to Register: Administrative fine ranging from 39,337 TL to 1,966,862 TL
Illegal Recording of Personal Data: Imprisonment from 6 months to 3 years
Illegal Sharing and Disclosure: Imprisonment from 1 year to 6 years
Failure to Delete Data: Imprisonment from 6 months to 1 year
Compensation: Claims for compensation of material and moral damages
The registration obligation, also known as the obligation to register with VERBIS, has a registration deadline of March 31, 2021. Therefore, clinics and medical centers whose main activity is handling personal health data must complete their registration procedures by March 31.