The Law on the Protection of Personal Data (Kişisel Verilerin Korunması Kanunu – KVKK) was published in the Official Gazette of the Republic of Turkey on April 7, 2016 and officially entered into force. Although a long adaptation period has passed since the law entered into force, many companies have still not understood this large-scale regulation well enough to implement it fully. The law has granted new rights to individuals, especially to companies.
Simply put, the KVKK has changed our general mindset about data privacy. It sets the standard framework for what data is, who owns it, whose responsibility it is, what the general requirements for handling it are, and what the possible consequences are.
Rapid technological expansion and change in the KVKK compliance processes force organizations to take more responsibility for protecting the personal data they handle. Although the way each organization complies with the KVKK is different (depending on factors such as company size, the type and amount of data it processes, existing security and privacy measures, etc.), all interested parties are obliged to fulfill many responsibilities under the KVKK.
e-Reconciliation and KVKK
Melasoft manages the e-Reconciliation process with a dedicated team that has legal and technical expertise. This team works to understand the KVKK requirements, harmonize the solution and all applicable processes with them, and ensure that Customer data is protected according to the ISO27001 standard and the KVKK requirements.
Best practices and solutions regarding security and data privacy have always been a top priority at Melasoft e-Reconciliation. Melasoft’s experienced team applies security and privacy standards and regulations in a disciplined manner. It provides our customers with a secure reconciliation environment by reducing the risk to people and organizations from the misuse of personal data.
Melasoft e-Reconciliation Solution offers you a digital reconciliation environment that you can use in compliance with the GDPR and the KVKK in your operations primarily in Turkey and the European Union.
Melasoft e-Reconciliation solution is designed in accordance with the ISO27001 standard, which reflects most of the security and privacy requirements of GDPR-KVKK.
In case of any changes in the KVKK, our experienced team applies the additional security and privacy measures required under the KVKK to the Melasoft e-Reconciliation solution and ensures that the application is up to date.
Melasoft e-Reconciliation systems are only accessible from whitelisted Client networks.
Where appropriate, enterprise-class authentication tools can be integrated with the Melasoft e-Reconciliation Solution (Okta, OneLogin, Active Directory). In this way, higher security standards such as dual authentication can be implemented.
EU Customer data is stored in a secure data center in Europe. As a processor, we are committed to the security and confidentiality of the data, including notification to controllers in the event of a breach.
Melasoft support staff with access to Customer data are provided with appropriate training to protect the confidentiality and security of the data.
Through KVKK-compliant Explicit Consent to our Standard Agreement, we obtain from customers a classification of the personal data used for reconciliation (if any) and provide the highest level of safeguards to protect this data through technical and process-related activities.
FAQs about Melasoft e-Reconciliation
Does Melasoft e-Reconciliation process Personal Data on behalf of its customers?
By default, Melasoft uses low-risk personal data such as name, email and phone number to create logins for clients in the system.
Melasoft does not know whether Clients are using personal data as part of the data they choose to upload and reconcile in the system. To ensure the protection of this data, all personal data uploaded into the system must be identified by the client with the appropriate classification. In this case, Melasoft takes the necessary measures to protect this data according to the requirements of the GDPR-KVKK.
Where does Melasoft process my data?
Our environments are hosted in a carefully selected third-party data center with a number of security certifications such as SSAE16, PCI, HIPAA.
How does Melasoft protect my data?
Production environments are protected by the following measures that address critical areas of GDPR-KVKK compliance:
Network
Intrusion Detection: Detects malicious traffic that can cause data breaches.
Vulnerability Scanning: Reduces the attack surface by identifying misconfigurations and missing patches/updates.
IP Reputation Management: Provides an effective defense by blocking IP addresses associated with threat actors.
Web Application Firewall: Provides effective detection and blocking of traffic associated with malicious application behavior such as cross-site scripting, SQL injection, etc.
Server
File Integrity Monitoring: Monitors unauthorized changes to critical files.
O/S Patching: Addresses O/S vulnerabilities.
Malware Protection: Protects systems from viruses and malware.
O/S Log Management: Records history of significant O/S events for response and forensic investigations.
Management
Security Dashboard: Facilitates documentation of security posture and incident communication.
Incident Response: Provides fast and prioritized response to the incident.
Data Security
All backups are encrypted with an enterprise-grade 256-bit security algorithm.
Is it possible to anonymize or delete all the personal data I have reconciled?
Yes, but this must be done on the Controller (Client) side. No personal data is required to use the Melasoft e-Reconciliation Portal; only in rare cases is low-risk personal data used (e.g. partial names and addresses). The Client has full control to decide which data to upload and how.
Can you guarantee that my data will remain in a specific location (e.g. Europe)?
Yes, Melasoft places production and test environments according to the customer’s location and data protection requirements. Customers outside Turkey and the EU are supported with systems that will provide the best performance unless otherwise specified.
Recommendations of Melasoft e-Reconciliation for our customers
It is important that our Clients, as Data Controllers, are aware of their obligations under the GDPR-KVKK. Because our Clients manage Melasoft systems independently, mutual efforts are required to ensure GDPR-KVKK compliance in case private data is used. This includes the Client accurately summarizing and classifying personal data so that Melasoft can ensure that appropriate GDPR-KVKK compliance measures are in place to protect the data.
No provider can understand GDPR-KVKK compliance on your behalf
It is important to treat the GDPR-KVKK as a comprehensive issue that touches many aspects of the business, and not just as a legal issue that can be resolved with an appropriate Data Processing Agreement. Each organization needs to complete its own legal, technical and operational analysis to fully understand and comprehensively implement the GDPR-KVKK and its role within it. It is recommended that this analysis include internal resources and independent expertise and ultimately produce a compliance strategy.
Understand your data.
As a Data Controller, it is solely your responsibility to fully understand and document the nature, purpose and level of risk of the private data you collect. Ultimately, only you can do this, by understanding your data and designing your security approach around it. Melasoft e-Reconciliation is a great opportunity to eliminate or minimize the risk of personal data breach in your reconciliation processes.
Please feel free to contact us if you need any further information.