ARTICLE
26 February 2021

Personal Data Protection Board Rendered A Decision Numbered 2020/787 On The Data Breach Notification Of A Company Operating In The Healthcare Sector

SL
SRP Legal

Contributor

SRP Legal logo
SRP-Legal is providing legal service to clients in a wide range of legal areas and providing legal consultancy services in sectors transformed by new business models, information and communication technologies. SRP-Legal focuses on Technology and Privacy Law. SRP-Legal’s primary expertise areas are Commercial/E-Commerce Law, Competition Law, Corporate Law, Data Protection & Data Privacy Law, Financial Technology Law, Public Policy, Technology Law, Media Law, Communication Law. SRP-Legal’s blockchain practice has experience of advising on specific, complex regulatory matters in relation to the application of blockchain technology. SRP-Legal offers advice to clients on legal and regulatory matters in highly regulated markets and industries, as well as public policy support before the Governmantal Institutions. SRP-Legal is committed to its clients’ expectations and needs and seeking their views and feedback. SRP-Legal’s target is to provide a bespoke legal, regulatory, policy and strategic advice that is fit
Explore Firm Details
Personal Data Protection Board ("Board") rendered a decision ("Decision") dated 09.10.2020 and numbered 2020/787 regarding the data breach notification made by a data controller ("Data Controller")...
Turkey Privacy
Person photo placeholder
Authors
To print this article, all you need is to be registered or login on Mondaq.com.

Personal Data Protection Board ("Board") rendered a decision ("Decision") dated 09.10.2020 and numbered 2020/787 regarding the data breach notification made by a data controller ("Data Controller") operating in the healthcare sector.

It is stated in the Decision that the Data Controller submitted a data breach notification indicating that (i) the data breach which started on 30.09.2020 was a result of a vulnerability of an application used worldwide; (ii) the data breach was detected and ended on 05.10.2020; (iii) the supporting documents regarding the employee trainings organized within the last year of the data breach, and the technical and administrative measures taken before and after the data breach were submitted to the Authority; (iv) a notification would be made to the data subjects who are affected by the data breach, within 3 days of the notification submitted to the Board.

The Board made the following determinations regarding the data breach notification submitted by the Data Controller:

  • The data breach has occurred due to a vulnerability in a commonly used application, thus it cannot be expected from the Data Controller to interfere in this situation;
  • The Data Controller has detected the breach in a short period of time;
  • The personal data affected by the data breach is easily accessible, since such data is provided on the private company stamps and at the public sources;
  • It has been stated by the Data Controller that the data subjects would be notified in up to three days after the data breach notification was submitted to the Board;
  • The possibility of an adverse outcome due to the data breach is low in terms of the data subjects;
  • The Data Controller has taken reasonable administrative and technical measures.

In light of its assessments, the Board decided not to impose any additional sanctions on the Data Controller in accordance with Article 12 of the Personal Data Protection Law numbered 6698, provided that the supporting documents regarding the data breach notification made to the data subjects are submitted to the Board.

You may reach the full Turkish version of the Decision via the link below.

https://kvkk.gov.tr/Icerik/6860/2020-787

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

We operate a free-to-view policy, asking only that you register in order to read all of our content. Please login or register to view the rest of this article.

Authors
Person photo placeholder
SRP Legal
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More