Pharmacies, dentists, medical centers, psychologists, private practice, elderly nursing homes, laboratories and dieticians, etc. The registration period for Data Controllers Registry Information System (VERBİS) is on 31 March filling up.
According to the DPC Personal Data Protection Consultancy statement, the registration of real and legal person data controllers with more than 50 employees or with an annual financial balance of more than 25 million TL, as well as real and legal person data controllers residing abroad, was completed last year.
Pharmacists, doctors, dentists, clinics, outpatient clinics, hospitals, dieticians, psychologists, dialysis centers, rehabilitation centers, medical laboratories and optical shops, as well as all data responsible businesses operating in the health sector, whose main activity is special quality personal data processing, The registration period of public institutions and organizations such as chambers expires on 31 March.
“REGISTRATION IS NOT THE JOB OF FINANCIAL CONSULTANTS, BUT PROFESSIONAL SUPPORT IS A MUST”
Those whose opinions are included in the statement DPC Personal Data Protection Consultancy Senior Manager (CEO) Sefa KarcıoğluStated that it is in the group that processes special quality data after large-scale companies for VERBIS registration.
Stating that the registration process in question is quite comprehensive, Karcıoğlu said:
“We witnessed that those who tried to have their financial advisor have the registration process done without consulting their lawyer and information security expert for the registration process, could not register, made erroneous notifications in legal and technical matters, and made false statements to an official institution. Registration procedures are not the work of financial advisors. It should not be forgotten that the notifications made must be up-to-date and genuine.
It is not enough to get a password for VERBIS registration, it is a necessity to take administrative and technical measures, which are listed in the law, in order to be able to answer hundreds of questions and register correctly.
For this reason, getting support from professionals is very important for data controllers. Administrative measures are not just about three or five documents, and technical measures are not just about antivirus and firewall. Businesses should take technical measures by purchasing additional software and hardware when necessary to ensure the security of data, not rely on fixed documents in order to take administrative measures, and should have their own operations edited specifically. ‘
PHARMACIES, DOCTORS, DENTISTS AND LABORATORIES SHOULD ATTENTION
Karcıoğlu underlined that the regulation, which will expire on March 31, is of particular concern to the group that processes the health data of individuals.
The group that processes health data from special quality personal data that did not register until the said date Administrative fines from 39 thousand 337 TL to 1 million 966 thousand TL Stating that he will have to pay, Karcıoğlu said, ‘The Personal Data Protection Board has imposed an administrative fine of hundreds of thousands of lira on tens of pharmacists and physicians since 2018, on the grounds that technical and administrative measures were not taken.
As can be understood from the penalties of the Board, VERBIS registration and notification procedures must be completed after the technical and administrative measures are taken together. If other administrative and technical measures specified in the law are not taken, further penalties will be applied to enterprises. “” Warned.