Turkey: KVKK fines gaming company TRY 1, 100, 000 for breach notification violations

[Destry Winant <destry () riskbasedsecurity com>]

https://www.dataguidance.com/news/turkey-kvkk-fines-gaming-company-try-1100000-breach-notification-violations

The Personal Data Protection Authority ('KVKK') published, on 23 June 2020,
its decision ('the Decision') of 16 April 2020, fining a gaming company a
total of TRY 1,100,000 (approx. €142,980) for data breach notification
violations. In particular, the Decision concerns a data breach suffered by
the gaming company in which hackers were able to gain access to the
company’s player data affecting 39,995 individuals in Turkey. Specifically,
the Decision highlights that the company was fined 1,000,000 TRY (approx.
€129,980) for violations of Article 12 of the Law on Protection of Personal
Data No.6698 ('the Law') and not having taken the necessary technical and
administrative measures to ensure the appropriate level of security.
Furthermore, the Decision notes that the gaming company was fined an
additional TRY 100,000 (approx. €13,000) for failures to report the breach
within the 72-hour period required.

You can read the Decision, only available in Turkish, here
<https://kvkk.gov.tr/>.

_______________________________________________
BreachExchange mailing list sponsored by Risk Based Security
BreachExchange () lists riskbasedsecurity com

If you wish to Edit your membership or Unsubscribe you can do so at the following link:
https://lists.riskbasedsecurity.com/listinfo/breachexchange