Collect explicit consents, create your personal data processing inventory and manage GDPR / KVKK related processes effectively with MBIS e-Rıza
You can easily run and control your GDPR / KVKK processes with a holistic approach and ensure your legal compliances within days with e-Rıza, an ERP-independent software solution specially developed in MBIS R&D Center.
e-Rıza enables to automatically create explicit consent texts according to the purposes in the Personal Data Processing Inventory, collect, store, report and manage explicit consents from employees and third party individuals via e-Mail.
e-Rıza allows collecting personal data through automatically created digital forms (for example, for visitors at receptions, job candidates, participants in digital or physical events) and obtaining explicit consents via email or SMS in order to be able to legitimately process the collected personal data.
Individuals can view and manage their explicit consent from a single platform with their computer or mobile devices; they can grant new consents, withdraw their existing consents and track the clarification texts they received.
e-Rıza allows you to create and manage your ‘Personal Data Processing Inventory ’ as a living document in compliance with the related national personal data protection regulations such as GDPR and KVKK.
e-Rıza enables sending, recording, tracking, managing and reporting the clarification texts which are automatically created according to latest GDPR / KVKK guidelines.
e-Rıza allows fulfilment of personal data related information requests from individuals or official agencies; by informing the responsible employees to deal with the request, running the approval process and collecting, sending, tracking and reporting the necessary information to respond to the requests.
For the purpose of protecting personal data, e-Rıza can create and assign GDPR / KVKK relevant tasks automatically or on-demand to responsible employees and helps tracking, managing, closing and reporting those tasks.
e-Rıza offers many more functionalities in terms of both ensuring the security of sensitive personal data and managing processes within the scope of GDPR / KVKK.
Our e-Rıza solution, with its wide integration feature, can be adapted to your needs, can be managed with mobile use, and consent can be obtained from people who share their data with you easily in order to use personal data by providing the flexibility you need.
e-Rıza provides a powerful integration layer to exchange data through web services and allows downloading e-mail recipient information.
Thanks to its advanced integration structure, e-Rıza is a solution capable of working in connection with corporate websites , portals and landing web pages.
Although e-Rıza comes with Turkish and English language options as standard, it can be easily used in other languages with its embedded dictionary structure.
e-Rıza is a ‘responsive’ software solution suitable for using on mobile devices, without the need for a native mobile application.
e-Rıza is a web application that does not have to be installed on or integrated to any ERP, including SAP® .
e-Rıza can be easily customized, adapted and improved according to the company specific needs.
e-Rıza provides ready-to-use master data, process designs and customizations that cover the requirements of legal regulations by saving time and costs and minimizing risks.
e-Rıza has dashboard screens that enable tracking of explicit consent texts and tasks based on status (sent, accepted, rejected, pending, completed, etc.)
e-Rıza has a natural integration of SAP® PDP (Personal Data Protector) software which centrally manages and orchestrates all KVKK / GDPR processes within SAP® systems.
Manually obtaining, processing, storing, reporting, tracking and managing explicit consents from multiple systems can be complex and labour-intensive. MBIS’ e-Rıza solution allows you to easily overcome these difficulties from a single central platform.
Failure to obtain explicit consent for certain personal data processing processes may result in severe administrative fines. With e-Rıza, you can protect your organization from these sanctions and secure GDPR / KVKK compliance.
With e-Rıza, you will have the opportunity to benefit from MBIS’ experience and know-how on GDPR / KVKK gained from various industries, and you get valuable guidance during the project implementation.
You can both reduce your workload and increase your prestige in the eyes of your customers by allowing individuals to control and manage their GDPR / KVKK rights by themselves, such as granting or withdrawing explicit consents, accessing clarification texts and requesting information.
Compared to the other solutions available in the market, e-Rıza is a special application that can be deployed with full set of functions and technical features within days, which will bring you numerous benefits in a much shorter time
Thanks to the ready-to-use embedded master data, processes and customizations e-Rıza brings to be compliant with regulations, you can minimize the risks that may occur due to manual entry errors, delays, forgetting and skipping.
* Penalties for recording personal data, unlawfully providing or intercepting data and not destroying data are not dependent on the filing of a complaint.
“Personal data” means any information relating to an identified or identifiable natural person. In order to speak of personal data, the data must be related to a person and that person must be identified or identifiable.
Sensitive personal data is data which, if disclosed, can leave the data subject open to discrimination or unfair treatment.
Conditions for processing personal data
Personal data shall not be processed without explicit consent of the data subject. Personal data may be processed without seeking the explicit consent of the data subject only in cases where one of the following conditions is met:
Sensitive personal data can only be processed with the explicit consent of data subject or with any of the conditions set out by the law. Personal data can not be transferred in country or abroad without the explicit consent of data subject. The requirements declared by the Personal Data Protection Authority must be fulfilled for international data transfer.
“Explicit consent” means freely given, specific and informed consent by data owners (subject person) for the processing of personal data. Explicit consent must be related to a specified issue, based on information and declared by free will.
There are different implementations in different regulations. Exceptions are defined in the laws that countries are subject to. It is not necessary to obtain explicit consent, in case of exceptions which are referred to in the law.
According to the Personal Data Protection Law, sensitive data may be processed without seeking the explicit consent of the data subject only in cases where one of the following conditions is met:
Explicit consent must be clear, understandable, simple and include a positive consent statement. Clarification must be presented before the consent statement. Explicit consent must be provable. Explicit consent must be withdrawable.
The obligation of data controller to inform informs the data owner about; the identity of the data controller and, if any, its representative, the purpose for which personal data will be processed, the method and legal reason for collecting personal data and to whom and for what purpose personal data can be transferred, before processing personal data.
According to KVKK, disclosure is required during the acquisition of personal data. The fulfillment of the disclosure obligation must be provable. Disclosure should be carried out whenever personal data are processed or when the purpose of data processing changes. The disclosure obligation must be fulfilled; within a reasonable period after obtaining the personal data if personal data are not obtained from the subject person, during the first contact if the personal data will be used for communication with the subject person, and at the latest during the first transfer of the personal data if the personal data will be transferred.
e-Rıza is a personal data management system developed in compliance with different regulations such as GDPR and KVKK. It is a mobile compatible web application that can work with different systems with its powerful integration functions, and which helps manage processes such as creating a personal data processing inventory, automatically creating explicit consent texts, obtaining explicit consent from institution employees and third parties via email or integration, collecting personal data through automatically created forms, and obtaining Explicit Consent via email or SMS for the information in these forms, fulfilling the obligation of data controller to inform and meeting the information requests of individuals and institutions.
Data integrity is ensured by defining environments which personal data are stored to the system, information and data changes from data owners are managed, tasks are created for the environments where personal data are stored by calculating the retention periods of the purposes. It has many features such as multi-company management, management of transferred of external clarification and consents, strong reporting structure, multiple language support, information management, role and field-based user management, department management along with API support, CMS integration, secure file transfer and cloud model. In addition, new features are presented to customers every day through integrations to new systems.
The system's Individual Login Module enables data owners to manage their explicit consent requests from all institutions using the e-Rıza system without registering, providing corporate transparency and facilitating explicit consent management.
e-Rıza is a mobile compatible web application, not a software module. It supports different regulations such as GDPR and KVKK. Its strong infrastructure enables the integration of external systems. Tasks that can be created for environments where personal data are stored and, these tasks can be read and operated directly via external software. With the principle of transparency, personal data owners can examine their explicit consent, monitor data processing purposes, and easily manage them. It includes different features such as security measures inventory, message management system integration, versioning, secure file transfer, and customized reporting. It has a file upload feature that enables fast multiple data entries and updating the inventory. e-Rıza works in the cloud and is constantly developing by gaining new features.
To obtain explicit consent on e-Rıza these steps can be followed:
In addition, data owners can manage their explicit consent without creating a registration by entering the Personal Login Module on the e-Rıza system.
Information texts are created based on the purposes created in e-Rıza. According to your purpose, you can directly use embedded text templates, edit existing templates, or upload the texts that you have created to the system.
Information texts are created for desired purposes in e-Rıza. A common information text is automatically created for selected purposes, but you can create a new text or change the automatically created text. You can create the information texts by:
e-Rıza is software-independent. It is a mobile compatible web application.
e-Rıza has an automatic integration with PDP. Institutions using the SAP® PDP module can directly use e-Rıza.
You can integrate e-Rıza with other other software through its API support.
e-Rıza does not provide email or SMS services. Only emails and SMSs required for personal data management can be sent via the e-Rıza system.
Purposes stored in e-Rıza can be associated with the Message Management System (IYS). If you make an agreement with the intermediary service provider companies that e-Rıza is integrated with and make the necessary definitions in e-Rıza, you can manage commercial electronic message permissions via e-Rıza. This way, approval statuses within e-Rıza which are based on commercial electronic messages and require explicit consent are kept up-to-date by synchronizing the approval statuses in the message management system with the related purposes.
The data subjects' names, surnames, emails, telephone numbers and e-Rıza user language preferences are stored in e-Rıza. The user language is to determine the interface language that data subjects will use to manage Explicit Consent and to manage information and data change requests. It is possible to collect personal information from data owners via e-Rıza forms, however, the data responsibility belongs to you.
e-Rıza has multi-company and multi-brand support. You can manage your group companies with authorized users.
With the e-Rıza add-on, you can share files with the people you define in e-Rıza for the purposes you have defined and selected for data sharing in the system. The files you want to send are stored on e-Rıza servers, secured and automatically destroyed at the end of the determined period.
The KVK Institution does not support integration, however, it is possible to manage your records by obtaining a VERBIS Inventory Report from e-Rıza.
e-Rıza is designed with an infrastructure that complies with different regulations. You can use it by entering inventory for different regulations.
You can provide information requests by creating personal data reports.
Data owners can request information, information update, and anonymization and can also manage their explicit consent via the e-Rıza Personal Login Module. You can provide demand management by manually defining external requests to the system.
It is possible to transfer external explicit consents and clarification/information records to e-Rıza.
e-Rıza is cloud-based. You can pay-per-use under commitment. Additional services are charged separately.
e-Rıza servers are located in data centers in Turkey.
You can use e-Rıza's or your own email service provider.
You can use e-Rıza's SMS service or arrange your own email service from SMS provider companies that e-Rıza has an agreement with. Once received, you must define your own email service on e-Rıza.
e-Rıza emails are sent from servers located within Turkey.
Explore trends, SAP® technologies, news and insights through the eyes of MBIS team
Bu dokümanın amacı, bir S/4HANA Finance projesinin hazırlık aşamasında yapılması gerekenlere dikkat çekmek ve implementasyonun geri kalanının daha sorunsuz ilerlemesini sağlamaktır.Download