{"id":124,"date":"2024-01-23T12:05:56","date_gmt":"2024-01-23T09:05:56","guid":{"rendered":"https:\/\/blog.keremgumus.com\/?p=124"},"modified":"2024-01-23T21:25:25","modified_gmt":"2024-01-23T18:25:25","slug":"kvkkya-neden-ihtiyac-duyulmustur","status":"publish","type":"post","link":"https:\/\/blog.keremgumus.com\/index.php\/2024\/01\/23\/kvkkya-neden-ihtiyac-duyulmustur\/","title":{"rendered":"KVKK\u2019ya Neden \u0130htiya\u00e7 Duyulmu\u015ftur?"},"content":{"rendered":"\n<div class=\"wp-block-aioseo-table-of-contents\"><ul><li><a href=\"#aioseo-verinin-sifrelenmesi\">Verinin \u015eifrelenmesi;<\/a><\/li><li><a href=\"#aioseo-verinin-yedeklenmesi\">Verinin Yedeklenmesi;<\/a><\/li><li><a href=\"#aioseo-veri-sizintisini-engelleme\">Veri S\u0131z\u0131nt\u0131s\u0131n\u0131 Engelleme;<\/a><\/li><li><a href=\"#aioseo-sizma-testleri-penetration-tests\">S\u0131zma Testleri (Penetration Tests);<\/a><ul><li><a href=\"#aioseo-dis-kanynak\">D\u0131\u015f Kaynak;<\/a><\/li><li><a href=\"#aioseo-kisisel-verilerin-korunmasi-kanunukvkk\">Ki\u015fisel Verilerin Korunmas\u0131 Kanunu(KVKK) Di\u011fer Makalelerim;<\/a><\/li><\/ul><\/li><\/ul><\/div>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"alignleft size-full\"><img fetchpriority=\"high\" decoding=\"async\" width=\"300\" height=\"300\" src=\"http:\/\/blog.keremgumus.com\/wp-content\/uploads\/2024\/01\/kucuk-logokvkk.png\" alt=\"\" class=\"wp-image-125\" srcset=\"https:\/\/blog.keremgumus.com\/wp-content\/uploads\/2024\/01\/kucuk-logokvkk.png 300w, https:\/\/blog.keremgumus.com\/wp-content\/uploads\/2024\/01\/kucuk-logokvkk-150x150.png 150w, https:\/\/blog.keremgumus.com\/wp-content\/uploads\/2024\/01\/kucuk-logokvkk-12x12.png 12w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/figure><\/div>\n\n\n<p>6698 say\u0131l\u0131 Ki\u015fisel Verilerin Korunmas\u0131 Kanunu(KVKK) 7 Nisan 2016 tarih ve 29677 say\u0131l\u0131 karar ile y\u00fcr\u00fcrl\u00fc\u011fe girmi\u015ftir. Bu kanun ile ki\u015fisel verilerin i\u015flenmesi, s\u0131n\u0131rlar\u0131 belirlenmi\u015f \u00f6l\u00e7\u00fcde ve uluslararas\u0131 standartlara tabi olacak \u015fekilde d\u00fczenlenmi\u015ftir. Ki\u015fisel verilerin korunmas\u0131 ise Anayasa Mahkemesi\u2019nin \u201cKi\u015fisel verilerin korunmas\u0131 hakk\u0131, ki\u015finin insan onurunun korunmas\u0131n\u0131n ve ki\u015fili\u011fini serbest\u00e7e geli\u015ftirebilmesi hakk\u0131n\u0131n \u00f6zel bir bi\u00e7imi olarak, bireyin hak ve \u00f6zg\u00fcrl\u00fcklerini ki\u015fisel verilerin i\u015flenmesi s\u0131ras\u0131nda korumay\u0131 [\u2026]\u201d karar\u0131nda belirtildi\u011fi gibi ki\u015filerin en temel hakk\u0131 oldu\u011fu belirtilerek ele al\u0131nm\u0131\u015ft\u0131r.<\/p>\n\n\n\n<p>Ki\u015fisel veri, elde edildi\u011fi takdirde belirli veya belirlenebilir bir ki\u015fiyle ilgili t\u00fcm bilgilerdir. Ki\u015fisel verilerin i\u015flenmesi, ki\u015fisel verilerin elde edilmesi, saklanmas\u0131, \u00fczerinde herhangi bir de\u011fi\u015fiklik yap\u0131lmas\u0131, s\u0131n\u0131fland\u0131r\u0131lmas\u0131, ba\u015fkalar\u0131na aktar\u0131lmas\u0131 ve ba\u015fkalar\u0131 taraf\u0131ndan eri\u015filebilir h\u00e2le getirilmesi, ya da kullan\u0131lmas\u0131 ve ait oldu\u011fu ki\u015fi taraf\u0131ndan kullan\u0131m\u0131n\u0131n engellenmesi gibi veriler \u00fczerinde ger\u00e7ekle\u015ftirilen her t\u00fcrl\u00fc i\u015flemi ifade eder. Yani \u00e7e\u015fitli yerlerde depolanm\u0131\u015f, daha \u00f6nce birbiri ile ili\u015fkisi olmayan pek \u00e7ok verinin merkezi olarak bir araya getirilebilmesi bunun sonucu olarak anlamland\u0131r\u0131lmas\u0131d\u0131r.&nbsp;<\/p>\n\n\n\n<p>Veri eri\u015fim ve aktar\u0131m h\u0131z\u0131n\u0131n teknoloji ile en \u00fcst seviyelere \u00e7\u0131kmas\u0131 ve her alanda yayg\u0131nla\u015fm\u0131\u015f bir bi\u00e7imde verilerin kullan\u0131lmas\u0131ndan do\u011fan koruma ihtiyac\u0131 da bu kanunun \u00e7\u0131kmas\u0131n\u0131n en temel nedenidir. KVKK, ki\u015fisel verilerin ama\u00e7 d\u0131\u015f\u0131 i\u015flenmesini ya da k\u00f6t\u00fcye kullan\u0131m\u0131n\u0131n engellenmesini, ki\u015fisel haklar\u0131n ihlal edilmesinin \u00f6n\u00fcne ge\u00e7ilmesini, verinin g\u00fcvenli\u011finin sa\u011flanmas\u0131n\u0131 ama\u00e7 edinmi\u015ftir. KVKK, t\u00fcm bu gereksinimlerin neticesinde ortaya \u00e7\u0131kan yasal d\u00fczenleme ihtiyac\u0131n\u0131 kar\u015f\u0131lamaktad\u0131r. Kanun, ki\u015fisel verilerin korunmas\u0131nda&nbsp;a\u015fa\u011f\u0131da yer alan temel ilkeleri benimsemi\u015ftir.<\/p>\n\n\n\n<p>a) Hukuka ve d\u00fcr\u00fcstl\u00fck kurallar\u0131na uygun olmak.<br>b) Do\u011fru ve g\u00fcncel olmak.<br>c) Belirli, a\u00e7\u0131k ve me\u015fru ama\u00e7lar i\u00e7in i\u015flenmek.<br>\u00e7) Topland\u0131klar\u0131 ve i\u015flendikleri ama\u00e7 ile ba\u011flant\u0131l\u0131, s\u0131n\u0131rl\u0131 ve \u00f6l\u00e7\u00fcl\u00fc olmak.<br>d) \u0130\u015flendikleri ama\u00e7 i\u00e7in gerekli olan s\u00fcre kadar muhafaza edilmek.<\/p>\n\n\n\n<p>Hangi teknolojik gereksinimlerden faydalan\u0131lmal\u0131d\u0131r?<\/p>\n\n\n\n<p>KVKK kapsam\u0131nda, kurumlar\u0131n mevzuata uygunlu\u011fu ve y\u00fck\u00fcml\u00fcl\u00fcklerini sa\u011flamas\u0131, verilerinin bulundu\u011fu ortamlar\u0131n\u0131n fiziksel g\u00fcvenli\u011fini sa\u011flamas\u0131, personel bilin\u00e7lendirmesi ve dan\u0131\u015fmanl\u0131k hizmetlerinin yan\u0131nda teknolojik \u00e7\u00f6z\u00fcmlerden de yararlanmas\u0131 gerekmektedir. Verilerin i\u015flenmesinin ama\u00e7 d\u0131\u015f\u0131 kullan\u0131m\u0131n\u0131n \u00f6n\u00fcne ge\u00e7mek ad\u0131na KVKK uyumluluk \u00e7\u00f6z\u00fcmleri geli\u015ftirilmi\u015ftir. Verinin \u015fifrelenmesi, verinin s\u0131n\u0131fland\u0131r\u0131lmas\u0131, verinin maskelemesi ve veri kayb\u0131n\u0131n engellenmesi gibi \u00e7\u00f6z\u00fcmler de\u011ferlendirilmelidir.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"aioseo-verinin-sifrelenmesi\"><strong>Verinin \u015eifrelenmesi;<\/strong><\/h5>\n\n\n\n<p>Veri g\u00fcvenli\u011finin temelini olu\u015fturur. K\u00f6t\u00fc ama\u00e7l\u0131 ki\u015filerce kullan\u0131lmak istenen veriye, yetkisiz eri\u015fimlerde elde edilememesini sa\u011flaman\u0131n en basit y\u00f6ntemidir. \u015eifreleme sadece eri\u015fimi yetkilendirmekle kalmay\u0131p verinin ve kayna\u011f\u0131n\u0131n do\u011frulu\u011funu ve b\u00fct\u00fcnl\u00fc\u011f\u00fcn\u00fc de korumay\u0131 sa\u011flar. Bu a\u00e7\u0131dan ki\u015filerin ya da kurumlar\u0131n, hassas veri olarak nitelendirdi\u011fi verilerini \u015fifreli olarak sunucular\u0131nda muhafaza etmeleri gerekir.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"aioseo-verinin-yedeklenmesi\"><strong>Verinin Yedeklenmesi;<\/strong><\/h4>\n\n\n\n<p>Hasar, kay\u0131p, do\u011fal felaket gibi veri b\u00fct\u00fcnl\u00fc\u011f\u00fcne zarar verebilecek herhangi bir olumsuz durumdan minimum seviyede etkilenmek amac\u0131yla yap\u0131lan bir kopyalama i\u015flemidir. \u0130\u015f s\u00fcreklili\u011fini sa\u011flamak i\u00e7in riski en aza indirerek verileri geri d\u00f6nd\u00fcrebilir hale getirmektir. Veri kayb\u0131 olmas\u0131 durumunda \u00f6nlem niteli\u011fi ta\u015f\u0131r. Bu i\u015flem&nbsp;<strong>sanal yedekleme, dok\u00fcman yedekleme, veritaban\u0131 yedekleme, mail sunucu yedekleme, bulut yedekleme olarak ger\u00e7ekle\u015ftirilebilir. Bulut(Cloud) teknolojilerinden, RAID(<\/strong>Redundant Array of Independent Disks<strong>) yap\u0131lar\u0131ndan, NAS(N<\/strong>etwork-Attached Storage<strong>) sistemleri, SAN (<\/strong>Storage Area Network<strong>) yap\u0131s\u0131, DAS(<\/strong>Direct-Attached Storage<strong>) gibi depolama \u00e7\u00f6z\u00fcmlerinden yararlan\u0131labilir.<\/strong><\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"aioseo-veri-sizintisini-engelleme\"><strong>Veri S\u0131z\u0131nt\u0131s\u0131n\u0131 Engelleme;<\/strong><\/h4>\n\n\n\n<p><strong>Kurumun hassas verilerinin sistem d\u0131\u015f\u0131na \u00e7\u0131k\u0131\u015f\u0131 denetim alt\u0131na al\u0131nmal\u0131d\u0131r. Bunun i\u00e7in&nbsp;<\/strong>DLP(<strong>Data Leak\/Loss Prevention<\/strong>) \u00e7\u00f6z\u00fcmlerinin kullan\u0131lmas\u0131 gerekir. Bu \u00e7\u00f6z\u00fcmler verinin sistemden \u00e7\u0131k\u0131\u015f\u0131n\u0131n engellemekle beraber verinin&nbsp;<strong>kurum i\u00e7inde kullan\u0131m durumlar\u0131n\u0131 g\u00f6zlemleyebilmek ad\u0131na da faydal\u0131 olur. DLP sistemleri sistem i\u00e7erisindeki yaz\u0131l\u0131msal ve donan\u0131msal kaynaklar taraf\u0131ndan verinin kullan\u0131m durumunu kontrol alt\u0131na al\u0131r. Ama\u00e7 d\u0131\u015f\u0131 kullan\u0131m\u0131, payla\u015f\u0131m\u0131, veri aktar\u0131m\u0131n\u0131 engeller. Ayn\u0131 zamanda yeni bir teknoloji olan&nbsp;<\/strong>UEBA(User and Entity Behavior Analytics) teknolojisinden de yararlan\u0131lmal\u0131d\u0131r. UEBA kullan\u0131c\u0131 davran\u0131\u015f\u0131n\u0131 analiz ederek veri ihlaline kar\u015f\u0131 olabilecek tehditleri belirleyip bunlar\u0131n raporlanmas\u0131n\u0131 sa\u011flayan bir \u00e7\u00f6z\u00fcmd\u00fcr. Anormal davran\u0131\u015flar\u0131n ve bunlar\u0131 ger\u00e7ekle\u015ftiren kullan\u0131c\u0131lar\u0131n profillerinin tespiti makine \u00f6\u011frenmesi ile ger\u00e7ekle\u015ftirilir. Sezgisel g\u00fcvenlik analizi; i\u00e7eriden gelebilecek tehditlere ve hedeflenen sald\u0131r\u0131lara kar\u015f\u0131n \u00f6nleyici savunma a\u00e7\u0131s\u0131ndan b\u00fcy\u00fck \u00f6nem ta\u015f\u0131r.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"aioseo-sizma-testleri-penetration-tests\"><strong>S\u0131zma Testleri (Penetration Tests);<\/strong><\/h4>\n\n\n\n<p>G\u00fcvenlik a\u00e7\u0131klar\u0131 nedeniyle olu\u015fabilecek bilgi kay\u0131plar\u0131na engel olabilmek i\u00e7in yap\u0131lan testlerdir. Sistemin hatalar\u0131n\u0131n ve zafiyetlerinin k\u00f6t\u00fc niyetli ki\u015filer taraf\u0131ndan istismar edilmesini&nbsp;engellemek ve sistemi daha g\u00fcvenilir bir hale getirmek amac\u0131yla yap\u0131l\u0131r. Sistemin veri s\u0131z\u0131nt\u0131s\u0131na yol a\u00e7abilecek noktalar\u0131n\u0131n \u00f6nceden bir sald\u0131rgan bak\u0131\u015f a\u00e7\u0131s\u0131yla tespit edilebilmesi g\u00fcvenli\u011fin art\u0131r\u0131lmas\u0131 a\u00e7\u0131s\u0131ndan \u00f6nem ta\u015f\u0131r. Bu testlerin d\u00fczenli ve s\u00fcrekli olarak yap\u0131lmas\u0131 ard\u0131ndan test raporlar\u0131 baz al\u0131narak gereken g\u00fcvenlik \u00f6nlemlerinin zaman kaybetmeden al\u0131nmas\u0131 gerekmektedir. Tehdit ve riskler en aza indirilerek ve siber g\u00fcvenlik sa\u011flanmal\u0131d\u0131r.<\/p>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"aioseo-dis-kanynak\">D\u0131\u015f Kaynak;<\/h5>\n\n\n\n<ol>\n<li><a href=\"https:\/\/www.mevzuat.gov.tr\/mevzuat?MevzuatNo=6698&amp;MevzuatTur=1&amp;MevzuatTertip=5\">https:\/\/www.mevzuat.gov.tr\/mevzuat?MevzuatNo=6698&amp;MevzuatTur=1&amp;MevzuatTertip=5<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.kvkk.gov.tr\/\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/www.kvkk.gov.tr<\/a><\/li>\n<\/ol>\n\n\n\n<h5 class=\"wp-block-heading\" id=\"aioseo-kisisel-verilerin-korunmasi-kanunukvkk\">Ki\u015fisel Verilerin Korunmas\u0131 Kanunu(KVKK) Di\u011fer Makalelerim;<\/h5>\n\n\n\n<ol>\n<li><a href=\"https:\/\/blog.keremgumus.com\/index.php\/2024\/01\/19\/kisisel-verilerin-korunmasi-kanunukvkk\/(yeni%20sekmede%20a%C3%A7%C4%B1l%C4%B1r)\" target=\"_blank\" rel=\"noreferrer noopener\">Ki\u015fisel Verilerin Korunmas\u0131 Kanunu(KVKK)<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/blog.keremgumus.com\/index.php\/2024\/01\/23\/kurumlarin-kvkk-genel-yukumlulukleri\/(yeni sekmede a\u00e7\u0131l\u0131r)\" target=\"_blank\" rel=\"noopener\" title=\"Kurumlar\u0131n KVKK Genel Y\u00fck\u00fcml\u00fcl\u00fckleri\">Kurumlar\u0131n KVKK Genel Y\u00fck\u00fcml\u00fcl\u00fckleri<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/blog.keremgumus.com\/index.php\/2024\/01\/23\/kvkk-kurumunun-tavsiye-ettigi-teknik-onlemler\/(yeni%20sekmede%20a%C3%A7%C4%B1l%C4%B1r)\" target=\"_blank\" rel=\"noreferrer noopener\">KVKK Kurumunun Tavsiye Etti\u011fi Teknik \u00d6nlemler<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/blog.keremgumus.com\/index.php\/2024\/01\/23\/kvkknin-kapsadigi-uc-disiplin\/\" target=\"_blank\" rel=\"noopener\" title=\"KVKK\u2019n\u0131n Kapsad\u0131\u011f\u0131 \u00dc\u00e7 Disiplin\">KVKK\u2019n\u0131n Kapsad\u0131\u011f\u0131 \u00dc\u00e7 Disiplin<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/blog.keremgumus.com\/index.php\/2024\/01\/23\/kvkk-ve-kullanilan-teknolojiler\/\" target=\"_blank\" rel=\"noopener\" title=\"KVKK ve Kullan\u0131lan Teknolojiler\">KVKK ve Kullan\u0131lan Teknolojiler<\/a><\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>6698 say\u0131l\u0131 Ki\u015fisel Verilerin Korunmas\u0131 Kanunu(KVKK) 7 Nisan 2016 tarih ve 29677 say\u0131l\u0131 karar ile y\u00fcr\u00fcrl\u00fc\u011fe girmi\u015ftir. Bu kanun ile ki\u015fisel verilerin i\u015flenmesi, s\u0131n\u0131rlar\u0131 belirlenmi\u015f \u00f6l\u00e7\u00fcde ve uluslararas\u0131 standartlara tabi olacak \u015fekilde d\u00fczenlenmi\u015ftir. Ki\u015fisel verilerin korunmas\u0131 ise Anayasa Mahkemesi\u2019nin \u201cKi\u015fisel verilerin korunmas\u0131 hakk\u0131, ki\u015finin insan onurunun korunmas\u0131n\u0131n ve ki\u015fili\u011fini serbest\u00e7e geli\u015ftirebilmesi hakk\u0131n\u0131n \u00f6zel bir bi\u00e7imi [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":111,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[10],"tags":[116,115,117],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.keremgumus.com\/index.php\/wp-json\/wp\/v2\/posts\/124"}],"collection":[{"href":"https:\/\/blog.keremgumus.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.keremgumus.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.keremgumus.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.keremgumus.com\/index.php\/wp-json\/wp\/v2\/comments?post=124"}],"version-history":[{"count":5,"href":"https:\/\/blog.keremgumus.com\/index.php\/wp-json\/wp\/v2\/posts\/124\/revisions"}],"predecessor-version":[{"id":164,"href":"https:\/\/blog.keremgumus.com\/index.php\/wp-json\/wp\/v2\/posts\/124\/revisions\/164"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.keremgumus.com\/index.php\/wp-json\/wp\/v2\/media\/111"}],"wp:attachment":[{"href":"https:\/\/blog.keremgumus.com\/index.php\/wp-json\/wp\/v2\/media?parent=124"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.keremgumus.com\/index.php\/wp-json\/wp\/v2\/categories?post=124"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.keremgumus.com\/index.php\/wp-json\/wp\/v2\/tags?post=124"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}