Home/Resources/Articles/What is KVKK?
Back to Articles
KVKK5 min read

What is KVKK?

KVKK, the Turkish Personal Data Protection Law No. 6698, is the fundamental legislation that ensures personal data is processed lawfully, protected securely, and guarantees individuals' rights over their own data.

by Jusi.
Shakespeare Mood
January 20, 2026

# What is KVKK?

KVKK, the Turkish Personal Data Protection Law No. 6698, is the fundamental legislation that ensures personal data is processed lawfully, protected securely, and guarantees individuals' rights over their own data.

Simply put, KVKK states:

"If you're collecting information about a person, you must clearly explain why, collect only what's necessary, and protect that information securely."

What is Personal Data?

Personal data refers to any information relating to an identified or identifiable natural person. For example:

  • Name, surname
  • National ID number
  • Phone number, email address
  • IP address
  • Camera footage
  • Location data

Some data is classified as special categories of personal data and subject to stricter rules:

  • Health information
  • Biometric data (fingerprints, facial recognition, etc.)
  • Criminal conviction records

Who Does KVKK Apply To?

KVKK doesn't only apply to large corporations, but also to:

  • Companies
  • Associations
  • Foundations
  • Schools
  • Hospitals
  • E-commerce websites
  • Mobile applications
  • Public institutions and organizations
  • Even individuals operating independently

to the extent they process personal data.

If you're recording a customer's phone number, maintaining an employee's personnel file, or using cookies on your website, you're subject to KVKK.

What is the Main Purpose of KVKK?

KVKK has three main objectives:

  1. Prevent arbitrary collection of personal data
  2. Ensure data security
  3. Give citizens control over their own data

In this context, everyone has the right to know the answers to these questions:

  • Which of my data is being processed?
  • Why was this data collected?
  • With whom was it shared?
  • How long will it be retained?

What Are the Rights of Data Subjects (Citizens)?

According to KVKK, everyone can:

  • Learn whether their personal data is being processed
  • Request information about processed data
  • Request correction of inaccurate or incomplete data
  • Request deletion or destruction of data when conditions are met
  • Claim compensation if harmed by unlawful processing

What Are the Consequences of Non-Compliance?

Violation of KVKK results in administrative fines and reputational damage.

Fines increase annually according to the revaluation rate and can reach millions of Turkish Lira.

However, KVKK should not be viewed merely as a "penalty risk." When properly implemented:

  • Institutional trust increases
  • Customer loyalty strengthens
  • Data management becomes disciplined

Conclusion

KVKK is not just a matter for lawyers or IT teams.

It's a fundamental framework that everyone who handles personal data must know and comply with.

In short: KVKK is a protection mechanism that establishes the understanding that "data doesn't belong to me, it belongs to the individual."

Share this article

Need Help?

JUS. can help you implement best practices for compliance.

Book a Demo
Request Demo