Contact Us: +90 216 386 6888 (Tr) / +971 (4) 401 8553 (UAE)


Our services > Consulting Services > GDPR Compliance


According to General Data Protection Regulation, which entered into force on 25 May 2018, natural and legal persons who process all kinds of personal data should protect the fundamental rights and freedoms of persons, especially the privacy of private life, in the processing of personal data. As Sibertis, we inform our customers of the risks that may arise from the provisions of the Law and ensure that they comply with the law in terms of both legal and technology.

In this regard, the requirements for businesses to process personal data are as follows:

  1. Compliance with law and integrity rules of data processing methods
  2. Correct and accurate data when needed
  3. Processing of data for specific, clear and legitimate purposes
  4. that the data should be linked, limited, and measured only for the purpose to which they were processed
  5. Storing the data for the period stipulated in the applicable legislation or for the purpose for which they were processed

The most important point of the law is to obtain the relevant explicit consent for the processing of personal data and to register this approval. Another important point is the appointment of the authority by the company to process the personal data and the responsibility of the relevant authority. In other words, any personal data may not be transferred to any other person or organization without the written consent of the relevant authority. The relevant authority is ‘fully’ responsible for keeping the data in accordance with the provisions of the law and the security of the systems in which the data is hosted.


There are 3 main parties which should be involved in GDPR adaptation period:


Determination of legislation, contracts, policies


Determining the data to be processed and determining the business processes and procedures


Supervision of database registration rules, storage of records, procurement of related solutions

As one of the most important issues in the integration process is the identification and processing of structural and non-structural data inventories. Structural data is a type of data that can be stored in a specific format such as names, birth dates, ID numbers. Resumes, electronic documents such as Word, Excel, messaging applications, scanned documents, all kinds of audio and video records can be shown as non-structural data.

In this case, it is important to classify relevant data as top secret, confidential or public. Circulation of the company within the given company or taking it out of the company should include certain rules.


Legal Process - DecisionIT Application
Obligation of DeclarationCollection of declaration data, storage of records (eg website, login warning page, use of cookies)
Obtaining ConsentCollection of open consent data, storage of records (eg usage agreement, confidentiality agreement)
Onay Alınmayan Kişisel Verilerin Yok EdilmesiDestruction of Unauthorized Personal Data
Data transferSecure transfer, encryption, classification, authorization
Data Transfer RulesInformation security, limiting access to the network, regulation of data transfer to the cloud
Data Security, Protection
Access controls, authentication, authorization, account keeping
Personal Data InquiryLog processing


Although the solutions required by law are not explicitly stated, we recommend the following solutions for businesses to meet legal processes and decisions:

Information Security

Protection of relevant servers and end users against malware

Vulnerability Management

Identification, analysis and reporting of security vulnerabilities

Penetration Tests

Periodic penetration tests, correction of relevant deficits

Network Access Control (NAC)

Rules, entitlement, verification, secure participation of employees, guests or business partners in the corporate network

Data Classification

Protection of relevant servers and end users against malware

Data Loss/Leakage Prevention

Rules that should be applied when the data is excluded or kept in the company

Data Masking

Prevent sensitive or confidential data in databases from being seen by people who are not authorized or restricted (such as masking)

Data Storage

Protection of relevant servers and end users against malware


As Sibertis, we can ensure the entire compliance process with our business partners, including all legal and business processes, if necessary. In this case, we can provide the following services:

  1. Implement and manage GDPR obligations
  2. Identifying and managing business processes
  3. Legal advice (through our partners)
  4. Determination and implementation of technological solutions

Contact Us

Istanbul Headquarters

Saray Mah Dr Adnan Büyükdeniz Cad , Cessas Plaza 2. Blok Kapı No 4/21, İstanbul, Umraniye 34768, Turkey

Tel: +90 216 386 6888

Ataşehir Operation Center

Vedat Günyol Cad. Flora Plaza 23. Kat Ofis No: 2302 Ataşehir/İstanbul

Tel: +90 216 359 7943

MEA Region Office – Dubai

Boulaverd Plaza Tower 1 Sheikh Mohammed Bin Rashid Boulevard, Downtown, Dubai, Dubai United Arab Emirates

Tel: +971 (4) 401 8553