kvkk-compliance
KVKK & GDPR Compliance Patterns
Practical patterns for Turkish KVKK (Law No. 6698) and EU GDPR data protection compliance.
KVKK vs GDPR Comparison
| Aspect | KVKK (Turkey) | GDPR (EU) |
|---|---|---|
| Authority | KVKK Board (Kişisel Verileri Koruma Kurumu) | National DPAs + EDPB |
| Consent | Explicit, no pre-ticked boxes | Freely given, specific, informed |
| Breach notification | "As soon as possible" to Board | 72 hours to DPA |
| DPO requirement | VERBİS registration | Mandatory for public bodies + large-scale |
| Right to erasure | Article 7 - withdrawal + deletion | Article 17 - "Right to be forgotten" |
| Data transfer abroad | Board approval or adequate country | Adequacy decision, SCCs, or BCRs |
| Fines | Up to ~2M TL per violation | Up to 20M EUR or 4% global turnover |
| Legal bases | 5 in Article 5 + explicit consent | 6 in Article 6 + explicit consent |