Bize Ulaşın: +90 216 386 6888

This post is also available in: Türkçe


Our services > Consulting Services > GDPR Compliance


According to General Data Protection Regulation, which entered into force on 25 May 2018, natural and legal persons who process all kinds of personal data should protect the fundamental rights and freedoms of persons, especially the privacy of private life, in the processing of personal data. As Sibertis, we inform our customers of the risks that may arise from the provisions of the Law and ensure that they comply with the law in terms of both legal and technology.

In this regard, the requirements for businesses to process personal data are as follows:

  1. Compliance with law and integrity rules of data processing methods
  2. Correct and accurate data when needed
  3. Processing of data for specific, clear and legitimate purposes
  4. that the data should be linked, limited, and measured only for the purpose to which they were processed
  5. Storing the data for the period stipulated in the applicable legislation or for the purpose for which they were processed

The most important point of the law is to obtain the relevant explicit consent for the processing of personal data and to register this approval. Another important point is the appointment of the authority by the company to process the personal data and the responsibility of the relevant authority. In other words, any personal data may not be transferred to any other person or organization without the written consent of the relevant authority. The relevant authority is ‘fully’ responsible for keeping the data in accordance with the provisions of the law and the security of the systems in which the data is hosted.


There are 3 main parties which should be involved in GDPR adaptation period:


Determination of legislation, contracts, policies


Determining the data to be processed and determining the business processes and procedures


Supervision of database registration rules, storage of records, procurement of related solutions

As one of the most important issues in the integration process is the identification and processing of structural and non-structural data inventories. Structural data is a type of data that can be stored in a specific format such as names, birth dates, ID numbers. Resumes, electronic documents such as Word, Excel, messaging applications, scanned documents, all kinds of audio and video records can be shown as non-structural data.

In this case, it is important to classify relevant data as top secret, confidential or public. Circulation of the company within the given company or taking it out of the company should include certain rules.


Hukuki Süreç - KararBT Uygulaması
Beyan YükümlülüğüBeyan verisinin toplanması, kayıtların saklanması (örn: web sitesi, giriş uyarı sayfası, çerez kullanımı)
Açık Rıza AlınmasıAçık rıza verisinin toplanması, kayıtların saklanması (örn: kullanım sözleşmesi, gizlilik sözleşmesi)
Onay Alınmayan Kişisel Verilerin Yok EdilmesiVeritabanından ilgili bilgilerin kaldırılması, kullanıcı uyarıları
Veri Aktarımı Güvenli aktarım, kriptolama, sınıflandırma, yetkilendirme
Veri Aktarımı KurallarıBilgi güvenliği, ağa erişimin sınırlandırılması, buluta veri aktarılması kurallarının düzenlenmesi
Veri Güvenliği, Koruma
Erişim kontrolleri, kimlik doğrulama, yetkilendirme, hesap tutma
Kişisel Veri SorgulamaKayıtlar (log) işleme, yönetme


Although the solutions required by law are not explicitly stated, we recommend the following solutions for businesses to meet legal processes and decisions:

Information Security

Protection of relevant servers and end users against malware

Vulnerability Management

Identification, analysis and reporting of security vulnerabilities

Penetration Tests

Periodic penetration tests, correction of relevant deficits

Network Access Control (NAC)

Rules, entitlement, verification, secure participation of employees, guests or business partners in the corporate network

Data Classification

Protection of relevant servers and end users against malware

Data Loss/Leakage Prevention

Rules that should be applied when the data is excluded or kept in the company

Data Masking

Prevent sensitive or confidential data in databases from being seen by people who are not authorized or restricted (such as masking)

Data Storage

Protection of relevant servers and end users against malware


As Sibertis, we can ensure the entire compliance process with our business partners, including all legal and business processes, if necessary. In this case, we can provide the following services:

  1. Implement and manage GDPR obligations
  2. Identifying and managing business processes
  3. Legal advice (through our partners)
  4. Determination and implementation of technological solutions

Contact Us

9 + 9 =

Istanbul Headquarters

Esentepe Mah. Büyükdere Cad. Tekfen Kulesi 8. Kat Levent 34394 Şişli/İstanbul

Tel: 0 212 371 8668

Ataşehir Operation Center

Vedat Günyol Cad. Flora Plaza 23. Kat Ofis No: 2302 Ataşehir/İstanbul

MEA Region Office – Dubai

Emirates Towers, Sheikh Zayed Road, Level 41, PO Box: 31303 Dubai/UAE

Tel: +971 4 319 7359