NEWSLETTER-2020-metin

396 NEWSLETTER 2020 In General Both the KVKK and GDPR aim to achieve protecting the privacy of the person and ensure data security by regulating the obligations, procedures and principles to be followed by real and legal persons who process personal data. In addition, in these two Regulations, it is aimed to prevent unlimited and undiscriminated collection, access of unauthorized persons, and disclosure or violation of personal rights as a result of misuse of personal data. 2 Despite the fact that two of the mentioned legislations regulate the same scope with the same aim, there are some differences between each legislation due to the nationalities of the legal systems. Main Differences between KVKK and GDPR • Liability Arising from Data Breach: Pursuant to Article 82 of the GDPR, “Any person who has suffered material or non-material damage as a result of an infringement of this Regulation shall have the right to receive compensation from the controller or processor for the damage suffered.” As it is clearly understood from this Article, the GDPR holds the data controller liable, as well as the data processor 3 from the damages that have arisen from a data breach. Besides, pursuant to paragraph 2 of Article 18 of the KVKK, “The ad- ministrative fines listed in this Article shall be applicable to natural and legal persons who are data controllers.” In brief, the KVKK regulates the responsibilities of data controllers and data processors, separately, and holds only the data cont- roller liable for administrative fines that are regulated by the 2 Personal Data Protection Board. Implementation Guidance on Personal Data Pro- tection Law, https://www.kvkk.gov.tr/Icerik/4197/Kisisel-Verilerin-Korunmasi- Kanununa-Iliskin-Uygulama-Rehberi (Access Date: 27.01.2020). 3 Ünsal Özden, Sevgi : The Concepts of Personal Data, Data Processor, Data Con- troller and Contact Person within the scope of Personal Data Protection Leg- islation, Erdem&Erdem Newsletter, September 2019, http://www.erdem- erdem. av.tr/publications/newsletter/the-concepts-of-personal-data-data-processor-data- controller-and-contact-person-within-the-scope-of-personal-data-protection-leg- islation/.