Cybersecurity 2025

TÜRKIYE Law and Practice Contributed by: Bora Yazıcıoğlu, Kübra İslamoğlu Bayer, Aslı Rabia Savaş and Yağmur Yaren Özdabakoğlu, YAZICIOGLU Legal

the data security measures required by the DP Law and requires taking the information secu - rity measures under the MoH InfoSec Directive. In addition, using KamuNet to transfer health data – where technical infrastructure allows – is required. The Guide on Protection of Personal Data in Pharmacovigilance Activities Health data is also protected in the context of the R&D process of medicines. In this regard, the Turkish Medicines and Medical Devices Agency published the Guide on Protection of Personal Data in Pharmacovigilance Activities. It speci - fies the technical and organisational measures for the security of the data processed in phar - macovigilance activities, such as: • personnel training for the first intervention regarding cybersecurity; • setting up a firewall; • using an internet gateway; • using antivirus and antispam software; • removing software with vulnerabilities and unused software; • patch management and software updates; • limiting access to systems containing per - sonal data;

• checking which software and services are running on information networks; • determining whether there is penetration or unexpected movements in information net - works; • keeping a regular record of all users’ activity (such as log records); • establishing an official reporting procedure for security issues; • reporting security issues to the data controller as quickly as possible; • collecting and storing evidence in case of cyber incidents; • preferring to use internationally recognised encryption programs; • ensuring security of environments containing personal data; and • taking measures such as 2FA and encrypting with cryptographic methods in case of storing in a cloud.

317 CHAMBERS.COM

Powered by